Twitter is cleaning up from another fast-spreading worm that took advantage of a popular class of vulnerabilities.

In an incident over the weekend, users who were logged into their Twitter accounts and clicked on a malicious link contained in a tweet simply stating "WTF" automatically tweeted out a sexually explicit message involving goats, as well as a copy of the message to which they fell victim.

"All the user sees if they visit the link is a blank page, but behind the scenes it has sent messages to Twitter to post from your account," Graham Cluley, senior technology consultant at security firm Sophos, wrote in a blog post. "The messages obviously couldn't be sent if you weren't logged into Twitter at the time you clicked on the link."

Twitter, in a blog post, said it had stopped the spread of the worm by fixing a vulnerability and that it was working to delete any tweets that contained the malicious link.

"Chances are that the reason why this attack spread so speedily is that people were curious to find out what they would find at the end of a link only described as 'WTF'," Cluley wrote. "[T]he attack has highlighted an obvious security problem in Twitter which must be addressed as a matter of urgency."

The worm was able to spread on the Twitter platform thanks to a cross-site request forgery vulnerability, a popular attack class that leverages the trust a particular website has for an authenticated user.
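
The server-side check that stops a forged request of this kind, as an added example that is not from the original article or from Twitter's code. The article does not say how Twitter fixed the flaw, so the origin `https://social.example`, the function names and the HMAC-bound token scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values for this sketch; none of them come from the article.
SITE_ORIGIN = "https://social.example"
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in the site's own forms, bound to one session via HMAC."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) is the site's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def allow_post_status(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Decide whether a 'post a message' request may change account state."""
    if method != "POST":  # a followed link is a GET and must never post
        return False
    if not same_origin(headers):
        return False
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Compare as bytes in constant time; a missing or guessed token fails here.
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed sample requests. The browser attaches the session cookie to both,
# so the cookie alone cannot distinguish the user's action from a forged one.
SESSION = "constructed-session-id-1234"
LEGIT = ("POST", {"Origin": SITE_ORIGIN},
         {"status": "hello", "csrf_token": issue_csrf_token(SESSION)})
FORGED = ("POST", {"Origin": "https://other.example"}, {"status": "constructed text"})

if __name__ == "__main__":
    for name, (method, headers, form) in (("legit", LEGIT), ("forged", FORGED)):
        print(name, allow_post_status(method, headers, SESSION, form))
```
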
Days earlier, an even more infectious worm spread through Twitter by taking advantage of a cross-site scripting vulnerability that opened a pop-up box or a spam or pornographic website in a user's browser if they simply moused over a malicious link contained in a tweet. Hundreds of thousands of Twitter users reportedly were affected before Twitter plugged the hole.

A Japanese hacker reportedly took credit for the worm and said he launched it to make Twitter aware of the flaws of its site.

See original article on scmagazineus.com