
Hackers exploit Twitter flaw

Bug can 'force people to follow you'

Hackers are exploiting a bug in Twitter that can compromise users' accounts, according to a security researcher.

Aviv Raff said the Twitter vulnerability could expose users to malware-hosting websites. "It can force people to follow you, which means all your twits will be shown in their Twitter home page, including potentially malicious links," Raff said.

Raff launched the website Twitpwn to report the research he'd done on the social networking and micro-blogging service.

"Twitter security team was notified on 31-July-2008. Technical details will be added as soon as this vulnerability will be fixed," he said.

An attacker can currently leverage the bug by tricking users into clicking on a link on a malicious or hacked website. From that point, the victim's Twitter account is automatically set to follow the attacker's.

On Twitter, 'following' another user means receiving all updates, or 'tweets', sent by that user. Those tweets are collected and displayed on the follower's Twitter home page, on their phone or in their instant messaging client.

This Twitter bug is the newer of a pair that Raff has found on the service. Last week, he reported another vulnerability that allowed spammers and phishers to send emails that included links to malicious sites to other Twitter users. Twitter has since patched that flaw.

Expect more Twitter research, Raff said. "I'm working on several ways to abuse Twitter as a platform [and I'll] publish my research in this blog when I'm done," he said, referring to his Twitpwn site.

Raff is better known as a browser vulnerability researcher, notably for his part in May in uncovering a threat posed by the 'carpet bomb' bug in Apple's Safari to users of Microsoft's Internet Explorer. Most recently, he warned of several bugs in Apple's iPhone that could be used by phishers to dupe users into visiting malicious sites or by spammers to flood the phone's in-box with junk mail.

