We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Twitter security threats explained

Think Tweeting is harmless? Think again

While Twitter can be good for keeping up-to-date on the activities of your pals and colleagues, the micro-blogging service took on a whole new twist in June this year, as tweets from the streets of Tehran flooded Twitter. Frequent Twitter users - and people who hadn't even heard of the microblogging service - were suddenly and simultaneously witnessing its potential.

At the same time, antivirus vendors were warning of new phishing attacks that spread via Twitter. Using Twitter accounts, phishers would follow users and then infect them via a link to a fake profile page laden with malware. Like instant messaging, MySpace, and Facebook before it, Twitter had come of age.

Twitter's meteoric rise in 2009 has been rough. Aside from scaling issues due to the influx of users, in January a hack compromised the accounts of 33 high-profile users, including President Barack Obama, CNN anchor Rick Sanchez, and entertainer Britney Spears.

In April, a Twitter worm known as 'Mikeyy' or 'StalkDaily' surfaced. Twitter shut it down - plus a few follow-up viruses - fairly quickly. Cofounder Biz Stone wrote on the company blog, "Twitter takes security very seriously and we will be following up on all fronts."

Shortened-URL dangers

Parallel to the growth of Twitter is the expansion of URL-shortening services. Fitting your thoughts into 140 characters takes practice; including full URLs is almost impossible. Usually URLs have to be truncated through services such as Bit.ly and TinyURL.com, which also mask the true destination URL and can present their own security problems as a result.

In June, a wave of hidden poisoned URLs swept Twitter, using Bit.ly links to low.cc and myworlds.mp domains where users were asked to download a file to view a video. The file held malware. Bit.ly and TinyURL have been responsive; Bit.ly, for one, now blocks those low.cc and myworlds.mp domains.

At least one security product, ZoneAlarm, blocks access to TinyURL.com by default (you can unblock it). TinyURL has a preview feature, and Firefox has a Bit.ly preview add-on. Some Twitter apps, such as TweetDeck and Tweetie, also preview the URL before you click.

Last month, Avi Raff of RSA had just announced 'A Month of Twitter Bugs', during which researchers plan to disclose a new Twitter vulnerability each day.

Citing previous efforts focused on browsers and on Apple Mac OS vulnerabilities, Raff says his goal is not to break Twitter but to improve it and to address all social networking flaws.

"I hope that Twitter and other Web 2.0 API providers will work closely with their API consumers to develop more secure products." The first disclosed Twitter bug concerned cross-site scripting flaws in Bit.ly. Within hours of the disclosure, Bit.ly corrected them.

Download FREE whitepapers:

Ten tips on security

Make sure your network is secure

PC security advice

Take part in PC Advisor's Broadband Survey 2009

NEXT PAGE: Follow me, please

  1. Think Tweeting is harmless? Think again
  2. Follow me, please


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite