twitter security

'Best Video' scam on Twitter dropped malware

Twitter users were hit with another attack over the weekend featuring tweets reading "Best Video" and a link to a Web site that downloads malware, a security firm said on Monday.

The Web site, which uses a .ru (Russia) domain, purports to show an embedded YouTube video. Instead, the page serves a malicious PDF that contains a "flurry of exploits" against the PDF reader; if one of them succeeds, it downloads fraudware (rogue security software) that displays a fake security warning to pressure people into paying for a bogus cleanup, according to Kaspersky's Viruslist.com blog.

Contrary to earlier reports that the attack was a worm, the … Read more

Twitter's network gets breached again

Twitter has confirmed that someone broke into its network and gained access to 10 accounts, which appear to include Britney Spears and Ashton Kutcher, according to screenshots posted on a French blog site.

"Our initial security reviews and investigations indicate that no account information was altered or removed in any way," Twitter co-founder Biz Stone wrote in a blog post Thursday afternoon.

"Personal information that may have been viewed on these 10 individual accounts includes email address, mobile phone number (if one was associated with the account), and the list of accounts blocked by that user," … Read more

Expert: Twitter accounts hijacked in new attack

Twitter users looking for a little entertainment on a boring Friday may want to go elsewhere to get their fix.

A new attack was hijacking Twitter users Friday, with at least 700 accounts being compromised in two hours beginning at about 11 a.m. PST (7 p.m. GMT), security researcher Rik Ferguson wrote on the Trend Micro blog.

Victims are clicking on a link in a tweet that lures them with the promise of chatting with a 23-year-old woman on a Webcam.

"It appears that there is a rash of Twitter account hijacking going on this evening," … Read more

Twitter fends off second clickjacking attack

Twitter fended off a second clickjacking attack on Thursday night as the popular microblogging site plays cat-and-mouse with a prankster, the site confirmed on Friday.

"Yes, there was a second approach later in the day, same story as the first but with a slightly modified technique," Twitter co-founder Biz Stone wrote in an e-mail. "We took care of that too. Every day we're finding ways to improve the system."

"It's a convoluted cat-and-mouse game," Jeremiah Grossman, chief technology officer of WhiteHat Security, said earlier on Friday. "At least for the moment, … Read more

Twitter security: There's still a lot of work to do

Few people would characterize the popular and influential microblogging service Twitter as "secure." Hack attacks on Twitter, and Twitter users, appear to be increasing (latest: Twitter hit with "Don't Click" clickjacking attack).

There are two potential security issues currently plaguing the popular social network: the popular use of link shorteners like TinyURL, which hide the real destination of a link until you have already clicked it, and the practice of third-party services asking for your Twitter username and password, which some hope will be fixed with the arrival of OAuth, under which an application gets delegated, revocable access to an account without ever seeing the password.

Don't click on that link! Whenever I see an interesting tweet followed by a TinyURL link, I click it. I'll admit it. I don't even consider the ramifications of my actions and often, I'm surprised by where I go.

But I don't think I'm alone. TinyURL is the most common link you'll see on Twitter, but because the shortened link hides the destination domain, it's also one of the easiest ways for a malicious user to expose you to anything from phishing scams to malware installs.

Luckily, Twitter is aware of this issue, and according to its co-founder, Biz Stone, the company is working on ways to make linking safer on the site.

"User security is absolutely a concern and we're working to make the interface safer in that regard," Stone told ZDNet blogger Jennifer Leggio. "We are looking into other ways to display shared links, for example noting whether a link goes to a picture or a video or some other media element. While more a feature, this could help in addressing some of the risk with the URL redirection."

Ginx, a new third-party service (which ironically requires your Twitter login credentials to function; see next section), automatically expands shortened URLs before you click on them.

But what about stopping the use of TinyURL, Bit.ly, and other link-shortening services altogether? So far, Twitter has not indicated that it wants to do that and, as some security experts claim, it shouldn't consider that option.

Peter Gregory, a professional security expert and blogger at the Securitas Operandi blog, said he believes TinyURL use "basically comes down to trust: do you trust the source of the link, or is the creator of the link luring you into visiting a malicious Web site that will attempt to implant malware on your computer?"

Both TinyURL and Bit.ly seem poised to answer that call.

Last year, TinyURL introduced a major improvement to the service that anyone using Twitter should use: a preview feature.

TinyURL's preview feature doesn't require registration; instead it stores your preference in a cookie. Once you visit the company's preview page, it asks if you want to enable TinyURL previews. If so, you click the link on that page and, from then on, any TinyURL link you click on Twitter or elsewhere on the Web won't send you straight to the destination site. Instead, you are taken to a TinyURL preview page that shows the full destination URL and lets you decide whether to continue. Because the setting lives in a cookie, it applies only to the browser in which you turned it on, and clearing your cookies switches it off again.

Bit.ly, another URL-shortening service, provides a Firefox plug-in that allows you to preview links. With both solutions running, the risk of being redirected to a malicious site should be cut down considerably, though not eliminated--a preview tells you where a link goes, not whether the destination is safe, and nothing in link security is a sure thing.

But that's just one security issue Twitter and its users are forced to confront each day.… Read more
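What the TinyURL and Bit.ly previews described above do, in effect, is resolve a short link's redirect chain without loading the final page. The following is an added example of that expansion, written for this page and not code from TinyURL, Bit.ly, Ginx or Twitter. It walks HTTP redirects one hop at a time with requests that refuse to follow redirects themselves, caps the chain length, and stops on a loop, then reports the host of every hop, which is the information a preview page shows you. The sample responses, including the hypothetical host video-example.ru, are constructed so the example runs offline; live_fetch() is the piece you would substitute for real lookups.

```python
"""Added example: expand a shortened link by walking its redirect chain with
HEAD-style requests that do not follow redirects, so the destination can be
shown before the user ever loads it.  SAMPLE_RESPONSES is constructed for
offline use; live_fetch() is what you would plug in instead."""

import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 5  # shortener -> tracker -> landing page is typical; longer chains deserve suspicion


def expand(url, fetch, max_hops=MAX_HOPS):
    """Follow redirects from `url` using `fetch(url) -> (status, headers)`.

    `fetch` must NOT follow redirects itself.  Returns (hops, final_url, reason)
    with reason one of "ok" (a non-redirect response was reached), "loop"
    (a URL repeated) or "too_many_hops" (max_hops exceeded).
    """
    hops = [url]
    seen = {url}
    for _ in range(max_hops):
        status, headers = fetch(hops[-1])
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        if status not in REDIRECT_CODES or not location:
            return hops, hops[-1], "ok"
        nxt = urljoin(hops[-1], location)  # Location may be relative to the current URL
        hops.append(nxt)
        if nxt in seen:
            return hops, nxt, "loop"
        seen.add(nxt)
    return hops, hops[-1], "too_many_hops"


def describe(hops):
    """One line per hop, leading with the host: the part a user should read before clicking."""
    return [f"{i}: {urlsplit(u).hostname}  {u}" for i, u in enumerate(hops)]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise HTTPError for a 3xx instead of following it.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_fetch(url, timeout=5):
    """Real HEAD request that stops at the first redirect (network; not used below)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)


# Constructed sample chain (hypothetical hosts): a shortener hop, a second hop on
# the landing site using a relative Location, then a 200.  The bit.ly pair is a
# redirect loop, which an expander without a `seen` set would chase forever.
SAMPLE_RESPONSES = {
    "http://tinyurl.com/abc123": (301, {"Location": "http://video-example.ru/video/"}),
    "http://video-example.ru/video/": (302, {"Location": "/watch.php?id=1"}),
    "http://video-example.ru/watch.php?id=1": (200, {"Content-Type": "text/html"}),
    "http://bit.ly/loop1": (301, {"Location": "http://bit.ly/loop2"}),
    "http://bit.ly/loop2": (301, {"Location": "http://bit.ly/loop1"}),
}


def sample_fetch(url):
    return SAMPLE_RESPONSES.get(url, (404, {}))


if __name__ == "__main__":
    for start in ("http://tinyurl.com/abc123", "http://bit.ly/loop1"):
        hops, final, reason = expand(start, sample_fetch)
        print("\n".join(describe(hops)), "->", reason)
```

Two points worth noting for anyone adapting this: a HEAD request is enough to read a Location header, so the destination page is never fetched, let alone rendered; and the hop cap plus loop detection matter because a shortener can legitimately point at another shortener, while a hostile chain can be made arbitrarily long.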

Twitter hit with 'Don't Click' clickjacking attack

Twitter stopped a clickjacking attack on Thursday that quickly spread because it took advantage of social engineering and peoples' natural curiosity.

Tweets began appearing that said "Don't Click" followed by a link. Naturally, people clicked. When they did so, a tweet was sent from their account with the same "Don't Click" message and link.

"We patched the 'don't click' clickjacking attack 10 minutes ago. Problem should be gone," John Adams, aka Netik, an operations engineer at Twitter, tweeted around 11 a.m. PST.

The clickjacking appeared to be harmless … Read more
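Clickjacking depends on loading the target site inside a frame on the attacker's page, so the standard defense is for the target to refuse to be framed. The article does not say how Twitter patched the "Don't Click" attack, and the following is an added example, not Twitter's code: a checker that takes a page's response headers and decides whether an unrelated origin could frame it, honouring Content-Security-Policy frame-ancestors first and X-Frame-Options second, as browsers do. The header sets and the origins twitter.com, trusted.example and evil.example are constructed for the example.

```python
"""Added example: decide whether a response's headers allow another origin to
frame the page.  A page that refuses framing cannot be clickjacked; a page with
no such header can be framed by anyone.  Header sets below are constructed,
not captured from any real site."""

from urllib.parse import urlsplit


def _same_origin(a, b):
    return a.strip().rstrip("/").lower() == b.strip().rstrip("/").lower()


def _frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP header, or None if absent."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def _sources_allow(sources, page_origin, framer_origin):
    framer_host = (urlsplit(framer_origin).hostname or "").lower()
    for src in sources:
        s = src.lower()
        if s == "'none'":
            continue  # permits nothing; with no other match we fall through to False
        if s == "'self'":
            if _same_origin(page_origin, framer_origin):
                return True
        elif s == "*":
            return True
        elif s.startswith("*."):
            if framer_host.endswith(s[1:]):
                return True
        elif "://" in s:
            if _same_origin(s, framer_origin):
                return True
        elif framer_host == s:  # bare host form
            return True
    return False


def is_frameable(headers, page_origin, framer_origin):
    """True if a document at framer_origin may put the page in an <iframe>.

    CSP frame-ancestors, when present, takes precedence over X-Frame-Options
    (the behaviour specified by CSP level 2).  No header at all means anyone
    may frame the page.  Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            return _sources_allow(sources, page_origin, framer_origin)
    xfo = h.get("x-frame-options", "").strip()
    token = xfo.upper()
    if token == "DENY":
        return False
    if token == "SAMEORIGIN":
        return _same_origin(page_origin, framer_origin)
    if token.startswith("ALLOW-FROM"):  # obsolete; modern browsers ignore it, treat as weak
        return _same_origin(xfo[len("ALLOW-FROM"):], framer_origin)
    return True


# Constructed header sets for a hypothetical page served from PAGE_ORIGIN.
PAGE_ORIGIN = "https://twitter.com"
SAMPLE_HEADERS = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "xfo_sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://trusted.example"},
    "csp_overrides_xfo": {"X-Frame-Options": "SAMEORIGIN", "Content-Security-Policy": "frame-ancestors 'none'"},
}


def audit(samples=SAMPLE_HEADERS, attacker="https://evil.example"):
    """Map each sample name to whether an unrelated attacker origin could frame it."""
    return {name: is_frameable(hdrs, PAGE_ORIGIN, attacker) for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, frameable in audit().items():
        print(f"{name:18} frameable by evil.example: {frameable}")
```

Only the "unprotected" sample comes back frameable by a third party, which is the condition a clickjacking page needs. Note the "csp_overrides_xfo" case: a permissive X-Frame-Options next to a restrictive frame-ancestors is resolved in favour of CSP, so auditing one header without the other gives the wrong answer.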

Oops! Twitter hack snares CNN anchor

Clarification: Twitter has clarified that this incident was the work of a hacker and separate from the phishing scheme.

CNN anchor Rick Sanchez is one of the most popular users on microblogging service Twitter, with nearly 40,000 followers and a Twitterholic rank in the top 20. Unfortunately for Sanchez, it looks like he fell victim to the phishing scam that has been plaguing the popular service for several days now.

In a "tweet" that has since been deleted, Sanchez's account displayed the message "i am high on crack right now might not be coming into … Read more

Twitter phishing scam may be spreading

There's a scam spreading through Twitter. Direct messages (DMs) are showing up in Twitter accounts with appealing come-ons to visit a site on blogspot.com. The text is, "hey! check out this funny blog about you..." The URL in the message then redirects to a page that looks like the Twitter login page, but is actually not on Twitter--it's a site, twitter.access-logins.com, that masquerades as Twitter to steal your login credentials instead. The hostname begins with "twitter", but the domain that actually owns it, and receives whatever you type into the form, is access-logins.com.

If you need to log in to Twitter, do it on Twitter.com itself. And to play it safe, double-check your browser … Read more
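The lure works because people match the word "twitter" somewhere in the address rather than checking which domain the hostname really belongs to. As an added example for this page (not Twitter's code, and not a description of any browser feature), here is the check done on the parsed hostname, side by side with the naive substring test it replaces. The lure URLs are constructed; access-logins.com is the host named in the article, and the requirement for HTTPS is an assumption of the example rather than something the article states.

```python
"""Added example: tell a genuine twitter.com login URL from a look-alike such
as twitter.access-logins.com.  The check works on the parsed hostname, not on
the raw string, because substring tests are exactly what phishing hostnames
are built to pass.  URLs below are constructed."""

from urllib.parse import urlsplit

TRUSTED_DOMAIN = "twitter.com"


def naive_looks_like_twitter(url):
    """The check people do by eye: does the link mention twitter?  Every lure below passes it."""
    return "twitter" in url.lower()


def is_trusted_login_url(url, trusted_domain=TRUSTED_DOMAIN, require_https=True):
    """True only if the URL's host is trusted_domain itself or a subdomain of it.

    urlsplit().hostname discards userinfo (https://twitter.com@evil/) and the
    port, so the comparison is against the host that will actually receive the
    password.  A trailing dot (twitter.com.) names the same host and is stripped.
    Requiring HTTPS is an assumption of this example, not a rule from the article.
    """
    parts = urlsplit(url)
    if require_https and parts.scheme != "https":
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return host == trusted_domain or host.endswith("." + trusted_domain)


# Constructed lures, each containing the word "twitter" somewhere in the URL.
LURES = [
    "http://twitter.access-logins.com/login",        # subdomain of the attacker's domain (the article's case)
    "https://twitter.com.access-logins.com/login",   # trusted name used as a prefix
    "https://twitter.com@access-logins.com/login",   # userinfo trick; the real host follows the @
    "https://access-logins.com/twitter.com/login",   # trusted name only in the path
    "http://twitter.com/login",                      # right host, but plain HTTP
]

# Constructed genuine addresses: the apex domain, the same with a trailing dot, and a subdomain.
GENUINE = [
    "https://twitter.com/login",
    "https://twitter.com./login",
    "https://mobile.twitter.com/login",
]


def classify(urls):
    """Return {url: trusted?} so the two groups can be compared in one view."""
    return {u: is_trusted_login_url(u) for u in urls}


if __name__ == "__main__":
    for u, ok in classify(LURES + GENUINE).items():
        print(f"{'TRUSTED ' if ok else 'LURE    '} {u}   (naive check says {naive_looks_like_twitter(u)})")
```

The naive test says yes to all eight addresses; the hostname test accepts only the three genuine ones. The userinfo form is the one most worth remembering: everything before the @ is a username, and the browser sends the request to the host after it.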

Twitter targeted by malware attacks

Twitter's time has finally come.

The microblogging service, once the playground of the Web 2.0 digerati, is now mainstream enough to be targeted by online criminals.

Kaspersky Lab has uncovered a fake Twitter profile created solely for the purpose of infecting people's computers.

The profile, with an alias that means "pretty rabbit" in Portuguese, has posted a link that purports to be a pornographic video, but is instead Trojan software masquerading as MP3 files that steals data from the machine, according to Kaspersky's Viruslist.com blog.

"If you click on the link, … Read more