
Hackers exploit Twitter flaw

Bug can 'force people to follow you'

Hackers are exploiting a bug in Twitter that can compromise users' accounts, according to a security researcher.

Aviv Raff said the Twitter vulnerability could expose users to malware-hosting websites. "It can force people to follow you, which means all your twits will be showed in their Twitter home page, including potentially malicious links," Raff said.

Raff launched the website Twitpwn to report the research he'd done on the social networking and micro-blogging service.

"Twitter security team was notified on 31-July-2008. Technical details will be added as soon as this vulnerability will be fixed," he said.

An attacker can currently leverage the bug by tricking users into clicking on a link on a malicious or hacked website. From that point, the victim's Twitter account is automatically set to follow the attacker's.

On Twitter, 'following' another user means receiving all updates, or 'tweets', sent by that user. Those tweets are collected and displayed on the follower's Twitter home page, or on their phone or in their instant messaging client.

This Twitter bug is the newer of a pair that Raff has found on the service. Last week, he reported another vulnerability that allowed spammers and phishers to send emails that included links to malicious sites to other Twitter users. Twitter has since patched that flaw.

Expect more Twitter research, Raff said. "I'm working on several ways to abuse Twitter as a platform [and I'll] publish my research in this blog when I'm done," he said, referring to his Twitpwn site.

Raff is better known as a browser vulnerability researcher, notably for his part in May in uncovering a threat posed by the 'carpet bomb' bug in Apple's Safari to users of Microsoft's Internet Explorer. Most recently, he warned of several bugs in Apple's iPhone that could be used by phishers to dupe users into visiting malicious sites or by spammers to flood the phone's in-box with junk mail.

