Twitter Vulnerability Exposed - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Social
05:29 PM
Connect Directly

Twitter Vulnerability Exposed

The XSS security issue allows attackers to inject malicious code into Web pages, including HTML and client-side scripts.

Twitter has suffered from a series of security incidents in recent months. Last week, about 750 Twitter accounts were hacked and used to send tweet spam.

About the same time, The Washington Post reported that Twitter had fixed an SMS spoofing vulnerability identified by James that was nearly identical to one reported to the company by another security researcher back in April 2007.

In January, 33 Twitter accounts associated with celebrities were hacked.

That same month, Twitter said it was conducting a full security review of all access points to Twitter. To date, it has not provided an update on its findings.

In July, security researcher Aviv Raff said that Twitter suffered from a vulnerability that allowed an attacker to force victims to join his or her Twitter follow list automatically.

Twitter's surging popularity only increases its attractiveness as a target for cybercrime. And the service's basic design amplifies the problem. "The structure that Twitter uses makes it the perfect architecture for spreading something virally," said Wastl. As with social networks, the feeling that one is among friends on Twitter may lead to insufficient caution.

According to James, Twitter encourages unsafe security practices, like the use of URL redirection and presenting links in a way that promotes trust that may not be deserved.

"It breeds bad human behavior to serious security problems," said James.

InformationWeek Analytics has published an independent analysis of the challenges around setting business priorities for next-gen Web applications. Download the report here (registration required).

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll