Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A vulnerability in a third-party service through which users post photos to their Twitter profiles allowed hackers to falsely report that Britney Spears had died.The attackers, apparently preying on the fact that several notable celebrities died last week, including Michael Jackson, were able to post a message to Spears' Twitter profile that claimed she too had passed away.Twitpic founder Noah Everett, in a blog post, said the attackers used a technique known as brute force to guess the email PINs of about ten users, which they were able to use to automatically post messages to various Twitter pages. Everett did not address Spears by name in his post.The intruders tried every possible combination of the PIN until they got it right, Everett said. Twitpic has since fixed the vulnerability."I want to stress that no account information was compromised," he wrote. "The vulnerability only allowed someone to post a photo to Twitpic/Twitter on someone's behalf, but did not allow access to their account in any way. Once we were made aware of the issue, we immediately began working on a fix and also shut down [our] email system to prevent any unauthorised posting."The post has been removed from Spears' account. The latest tweet from the celebrity, posted Sunday afternoon, said, "Britney's Twitter was just hacked. The last message is obviously not true. She is fine and dandy spending a quiet day at home relaxing." Spears has more than 2.1 million followers, making her one of the most popular Twitter users.Similar messages also were posted to the accounts of Ellen DeGeneres and Miley Cyrus, according to reports."I want to make it clear that this was not a Twitter issue, but a Twitpic issue, and I take full responsibility for it," Everett wrote, adding that an investigation, in conjunction with internet service providers, is underway to determine the source of the attacks.Ironically, the attacks came just three days before researcher Aviv Raff is set to launch his "Month of Twitter Bugs" project, which will unveil a vulnerability a day in the third-party services such as Twitpic that use the Twitter application programming interface (API). Raff said he was not surprised to hear of the incidents over the weekend."Third-party Twitter services are just another way to [Tweet] to the world, and attackers will try to abuse it," Raff said in an interview with SCMagazineUS.com via instant messenger. "This is what the 'Month of Twitter Bugs' is all about. To bring up the awareness for Twitter services developers and understand that they put all Twitter users at risk when they develop an insecure code."Twitter has released a “Security Best Practices” document for its API users.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.