|
Another Lesson The Twitter Worm Teaches
by Tek-Tips |
|
Twitter may be in the news this week for the wave of attacks on it users but the past year has shown repeated cross-site scripting infiltrations on sites such as Facebook, eBay and HSBC, the financial institution. What’s different this time is how much faster the community can respond due to the increased use of services like Twitter and Facebook. It should make all of us pause. We need to respond faster to attacks. News of these incidents spread more efficiently than ever before, perhaps even faster than the worm itself. Twitter did not get hammered once, they were attacked four times by the worm and its variants. That has to have some lasting damage. Here’s a screencast about the Twitter worm; attacks across different social networks in the past year and examples of the Twitter activity that resulted from the attack. Plus, a YouTube video showing the musical side of the bored 17-year-old who wrote the script that attacked Twitter. We thought it was interesting.
Tags: cross-site scripts, eBay, facebook, mikkey, NoScript, Twitter, Vulnerabilities, worm, xss
This entry was posted on Tuesday, April 14th, 2009 at 9:00 PM and is filed under Community Manager, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Comments
-
Rob says: The twitter cum Facebook et al diaspora faces so many challenges, but this “Can plugging into online social networks via Twitter or Facebook lead to some kind of computer-aided moral decline en masse?” be for real? Do we really have to create technologies that measure each individual child for their carrying capacity for time spent online and time spent trying to sort out right from wrong under the spell of rapid-fire information? The data says youngsters today face challenges using technology, but can technology or legislation lower the risks?
Like or Dislike:
0 
0
|
| Making The Buy For Trust Seal For ease of access, we have added a 'Buy' button to the very top of the Trust Seal landing page. This helps to ensure that it is easily visible and accessible to users and that it doesn't get missed further... VeriSign At SES The VeriSign Authentication team was at SES last week talking up the VeriSign Trust Seal which was recently launched in February, and Seal-in-Search - a service where search engine users can see the VeriSign Trust Seal next to sites protected... VeriSign Now a Symantec Company We are very excited to be a Symantec company! If you haven't already heard, VeriSign has been acquired by Symantec. The deal was made official on August 9, 2010. We are very excited about new opportunities for increasing and offering... |
|
| PayPal UK Launch Security Key - Guest Posting from PayPal I am happy to say they are using VeriSign Identity Protection to deliver this, which means that PayPal Customers will be able to use their token at other sites who join the VIP network. PayPal are the first UK members of the network, but there are around 30 other members in different countries around the world so you can expect to see more places where you can use your token in the UK appearing shortly. Facebook scam - Part 2 This just in from the BBC web site, Symantec have identified a virus that steals user names and passwords, nothing new there. But, if I understand this right, it is delivered through a Facebook invitation from someone you don't know and delivers malware which can then steal user names / passwords and also keylog credit card info. Survey finds passwords are not secure - well d'uh! I don't think the vendor community has been crying wolf about the problems that stronger authentication solves, more like highlighting that this problem is here and growing. Well the discussion I have had recently with many different organisations across many different industries are now resulting in more and more consumer projects in this area |
|
| Cloud Identity, Trust and the Liability Elephant. I have been involved with a couple similar initiatives around certification for identity and thought it would be interesting to explain the logic behind these efforts. The first initiative is led by the Open Identity Exchange and is based on... Greek Heroes, Facebook and Trust When Achilles was a baby, the oracle predicted that he would die in battle from an arrow. Thetis, Achilles' mother who did not want her son to die decided to dip Achilles' body into the water of a river that... PCI for the Cloud For most enterprise and security vendors, the cloud is fascinating both as a technology and a business disruptor. In fact, SAAS CEOs such as Successfactor, SalesForce and NetSuite are hot shots in Silicon Valley these days. Yet, most of us... |
|
