Tag: "twitter"

KitchenAid, Obama’s Grandma, and the unfortunate Mrs. Bowers

KitchenAid, Obama’s Grandma, and the unfortunate Mrs. Bowers

The most controversial #nbcpolitics tweet of today’s presidential debate wasn’t particularly profound, but it will be the most talked about because of the account it came from and the 24,000 people it reached: @KitchenAidUSA: “Obamas gma even knew it was going 2 b bad! ‘She died 3 days b4 he became president’.” #nbcpolitics The tweet […]

An Insult to Romanians Published on the Twitter Account of the French Foreign Ministry

An Insult to Romanians Published on the Twitter Account of the French Foreign Ministry

The Twitter account of the French Foreign Ministry was compromised, and an anti-Romanian message posted, in the midst of the deportation of some 100 Roma from the country.

Persistent XSS on Twitter.com

Persistent XSS on Twitter.com

Twitter user 0wn3d_5ys has demonstrated a persistent cross site scripting (XSS) vulnerability he found on June 21st using his own Twitter account (visit at your own risk) that appears to be due to a lack of input validation of the application name field when accepting new requests for Twitter applications.

Screenshot - BP Research

Going After BP

BP continues to be the subject of criticism following the Deepwater Horizon oil spill, and the hacking community appears to be taking exception to some of BP’s recent public relations activities in the online arena.

We shall strike if the leader orders: Twitter Struck by Iranian Cyber Army

We shall strike if the leader orders: Twitter Struck by Iranian Cyber Army

At some time around 10pm on Thursday, users going to Twitter.com were served the page below with a banner reading “This site has been hacked by the Iranian Cyber Army”. Also, mowjcamp.org, a site for supporters of Mir-Hossein Mousavi Khameneh a candidate who ran against Mahmoud Ahmadinejad in the 2009 Iranian presidential election, has been serving a similar defacement since at least December 16th and continues to do so. The motive appears to be activism in support of Iran’s current Islamic regime. The attack vector was a bad actor using an id and password assigned to Twitter to log in to the administrative portal of managed DNS service provider Dyn.

Spoofed Twitter login page.

“Hi. This you?? LOL” Twitter Attack Snares Kevin Mitnick

Historically the “Is this you?” style Twitter attack seems to be seeded by either an original break in to the victim’s Twitter account, or that user having provided his or her credentials to a phishing style web site made to look like Twitter as the attack propagates through the popular micro-blogging service. This time around however, the account of security consultant and former cracker Kevin Mitnick was caught up in this generic, untargeted Twitter “worm”.

Members of Anonymous protesting scientology.

Not the Haus of Gaga too

Around 9pm EST on Monday the Twitter account of pop singer Lady Gaga, @ladygaga was cracked in to and a series of messages added to her tweet stream. This is the second high profile Twitter account to be cracked in the last few days, on Friday the account of pop singer Britney Spears, @BritneySpears, started professing sympathy for the devil. The Lady Gaga one is interesting though, because like an homage to old school cracks of the past, the attackers appear to have left their name. Further these are two high profile accounts broken into after Twitter has implemented at least three major changes to their web site’s authentication process.

Senate Candidate Rubio discusses colon cleanser.

Sir, the floor wishes to hear no more about your colon.

The Twitter worm/twishing attack of the other day has caught some interesting casualties in its net, most notably Marco Rubio a former Speaker of the Florida House of Representatives and a viable candidate for one of Florida’s Senate seats in 2010 and Zach Wamp, a candidate for Governor of Tennessee and a 14 year U.S. congressional representative.

Phishing site found when you click on the tweeted URL.

A twitter “worm’s” brilliant variation

A new twitter worm is being reported making the rounds this morning, which is actually an expertly crafted variant of the worm we reported back on September 24th. The variant has changed the direct message from “ROFL, this you on here?” to “hi. this you on here?”. The bad actor in China has also used a new URL, but with the same Twitter login landing page identifiable by its stray HTML brace “>” following the line under ‘Sign in to Twitter’. This important difference in wording should allow for a spate of new captured twitter credentials.

Back in January the @BarackObama account was broken into.

Breaking Twitter (authentication)

But wait you say, are you trying to tell us that brute force password attacks will move to the API when I just read on the Twitter API wiki that the API severely limits the rate of calls you are allowed to make to it (200/hour/IP for authenticated requests without whitelisting)? That should be a mitigating control. Should be, but isn’t, because it is not enforced on all of the API calls.

Page 1 of 212