
Social Networking

This category contains 8 posts

Persistent XSS on Twitter.com

Twitter user 0wn3d_5ys has demonstrated a persistent cross-site scripting (XSS) vulnerability, which he found on June 21st, using his own Twitter account (visit at your own risk). It appears to stem from a lack of input validation on the application name field when Twitter accepts new registrations for Twitter applications: markup entered as the name is stored and later rendered unescaped, which is what makes the XSS persistent rather than reflected.
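The following is an added illustration of the bug class described above and is not Twitter's code; the registry, handler names and payload are hypothetical. It shows a free-text "application name" stored as submitted and rendered into HTML verbatim, then the two fixes a practitioner would want: an allow-list check on input and HTML escaping at output.

```javascript
// Added example (not Twitter's code): stored XSS via an unvalidated,
// unescaped "application name" field, beside the hardened form.
const apps = []; // constructed in-memory registry standing in for Twitter's

// Hypothetical registration handler: stores whatever the user submitted.
function registerApp(name) {
  apps.push({ name });
  return apps.length - 1;
}

// Vulnerable rendering: the stored name is concatenated into HTML as-is,
// so markup in a name runs in the browser of every visitor to the page.
function renderAppListUnsafe() {
  return '<ul>' + apps.map(a => `<li>${a.name}</li>`).join('') + '</ul>';
}

// Fix 1 (input validation): accept only a conservative allow-list of
// characters for an application name. The exact policy is an assumption.
function isValidAppName(name) {
  return typeof name === 'string' && /^[A-Za-z0-9 ._-]{1,64}$/.test(name);
}

// Fix 2 (output encoding): escape the HTML-significant characters at the
// point where the value is placed into markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

function renderAppListSafe() {
  return '<ul>' + apps.map(a => `<li>${escapeHtml(a.name)}</li>`).join('') + '</ul>';
}

// Constructed payload of the kind a persistent-XSS tester would submit.
const payload = '<script>alert(1)</script>';
registerApp('Totally Legit App');
registerApp(payload);
```

Input validation alone is not sufficient, since legitimate names may need characters outside any allow-list and other code paths may write to the same field; escaping at output is the control that actually prevents the stored value from becoming markup.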

James Lipton says “Don’t tweet your junk”

James Lipton’s new public service announcements (PSAs) on texting for teenagers give the concept a whole new meaning. The campaign “Before you text, give it a ponder” features videos of Lipton loaning his trademark beard to teenagers so that its magical properties of forethought can be temporarily bestowed on them; it effectively uses humor to combat sexting and cyber-bullying.

“Hi. This you?? LOL” Twitter Attack Snares Kevin Mitnick

Historically the “Is this you?” style Twitter attack seems to be seeded either by an original break-in to the victim’s Twitter account or by that user having provided his or her credentials to a phishing web site made to look like Twitter, after which the attack propagates through the popular micro-blogging service. This time around, however, the account of security consultant and former cracker Kevin Mitnick was caught up in this generic, untargeted Twitter “worm”.

Not the Haus of Gaga too

Around 9pm EST on Monday the Twitter account of pop singer Lady Gaga, @ladygaga, was broken into and a series of messages added to her tweet stream. This is the second high-profile Twitter account to be cracked in the last few days; on Friday the account of pop singer Britney Spears, @BritneySpears, started professing sympathy for the devil. The Lady Gaga one is interesting, though, because, like an homage to old-school cracks of the past, the attackers appear to have left their name. Further, these two high-profile accounts were broken into after Twitter had implemented at least three major changes to its web site’s authentication process.

Facebook’s Faith: A New Scareware Attack

On Thursday morning, AVG researcher Roger Thompson, after tracing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image (seen at left) but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to a web site that displays scareware dialogs.

Breaking Twitter (authentication)

Yesterday we spent some time speculating on how phishing attacks like the one afflicting Twitter on Wednesday of this week are seeded: how are the original direct messages sent out that kick off the first stolen credentials, the next set of direct messages, and so on in the loop? We were hoping, but [...]

ROFL this you on here? The latest Twitter Worm

At 2pm on Wednesday 9/24, wide-scale reports started showing up on Twitter that a new Twitter worm sends you a direct message with the content “rofl this you on here? http://videos.twitter.secure-logins01.com”. Note that the registrable domain of that hostname is secure-logins01.com; the “twitter” label is merely a subdomain chosen to look legitimate. The link opens a Twitter-style log-in page (albeit Twitter’s previous version of this page; they have a new one) which, apart from being an old version and containing a stray angle bracket, is convincing. Upon logging in, the user’s credentials are stolen and, presumably, direct messages are sent to each of that user’s followers.
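As an added example that is not part of the original post, the check below flags “brand-in-hostname” lookalike links of the kind this worm sent: a link whose hostname contains a brand name but whose registrable domain is not one of the brand’s real domains. The worm’s URL is quoted from the report above; the other messages and the brand table are constructed for the example.

```javascript
// Added example (not Twitter's code): detecting lookalike phishing links
// in direct messages. LEGIT is a constructed brand -> real-domain table.
const LEGIT = { twitter: ['twitter.com'] };

// Registrable domain, naively taken as the last two labels. This suffices
// for .com lookalikes; a production check would consult the Public Suffix
// List so that hosts under e.g. .co.uk are handled correctly.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split('.').filter(Boolean);
  return labels.slice(-2).join('.');
}

// Returns the impersonated brand name if the URL is a lookalike, else null.
function isLookalike(url) {
  let hostname;
  try {
    hostname = new URL(url).hostname;
  } catch (e) {
    return null; // not a parseable URL; nothing to judge
  }
  const reg = registrableDomain(hostname);
  for (const [brand, domains] of Object.entries(LEGIT)) {
    if (hostname.includes(brand) && !domains.includes(reg)) return brand;
  }
  return null;
}

// Pull http(s) links out of a message body and keep the suspicious ones.
function suspiciousLinks(text) {
  const urls = text.match(/https?:\/\/[^\s"'<>]+/g) || [];
  return urls.filter(u => isLookalike(u) !== null);
}

// Sample direct messages: the first is the worm's text as reported above,
// the other two are constructed.
const DMS = [
  'rofl this you on here? http://videos.twitter.secure-logins01.com',
  'new post up https://twitter.com/someone/status/1',
  'lol check this https://login.twitter.com.example.net/signin',
];

console.log(suspiciousLinks(DMS.join('\n')));
```

Substring matching on the brand is deliberately loose; it will also catch the common trick of burying the real domain name in a subdomain of an attacker-controlled host, as in the third sample, at the cost of occasional false positives on third-party sites that legitimately mention the brand in a hostname.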

CollegeHumor explores the concept of real life tweeting

What if you walked through life providing twarcissistic updates, as some are wont to do on Twitter? CollegeHumor.com explores what this might look like.