Tag Archives: twitter

Twitter plans new products and tighter security

Filed under Security

Twitter has announced plans to hire 27 professionals to create new products and improve the security of the site.

The increase in headcount is a significant move for the relatively small company, which currently has around 120 staff.

Twitter co-founder Biz Stone stated in November that 2010 will be the “revenue year” for the company, and the variety of job postings currently hosted on the micro-blogging site suggests that he is not digressing from this strategy.

The new employees will focus on creating Twitter front-end features, and should have experience in advertising applications, in line with the firm’s new advertising strategy scheduled to be rolled out this year.

Twitter is also issuing calls for a professional who will maintain a platform to help developers in media companies create new integrations with Twitter, as well as for another employee who will encourage media professionals to use the tools.

The other job descriptions display Twitter’s plans to increase the support tools available to users, further develop its application programming interface, develop Twitter’s international front-end and add new search capabilities.

A product marketing manager is also wanted to enhance business users’ understanding of the value of Twitter. According to the description, the work can range from creating “better packaging [of] existing features for businesses, managing all outbound marketing for new monetisation products, [and] analysing customer needs for improved product development”.

Finally, Twitter wants to increase its security team after a number of safety issues hit the headlines last year. The most recent incident involved hackers logging in to Twitter and redirecting users to a site hosted by a group calling itself the ‘Iranian Cyber Army’.

A network and infrastructure security manager will audit and secure systems and create procedures that respond to security issues. The job will involve designing a system that will prevent network intrusions. Meanwhile, an anti-spam software engineer will focus on Twitter’s spam detection system.

Source: v3.co.uk

Twitter hack group hits Baidu.com

Filed under Hacks

The same group that used a DNS attack to hijack Twitter last month has defaced the home page of Chinese search engine Baidu.

Surfers visiting Baidu’s site on Monday night were confronted by the message “This site has been hacked by Iranian Cyber Army”, together with an image of the Iranian flag. Early speculation suggests the attack involved changing Baidu’s DNS records rather than a direct attack on the site itself, but this remains unconfirmed.

The attack might have been used to point the millions of Chinese users who use Baidu every day towards a site that took advantage of browser exploits to infect computer users with malware. So it’s perhaps fortunate that the Baidu hack involved only political graffiti.

By Tuesday morning, Baidu’s site had been cleaned up. Screenshots of the hack can be found in a blog entry with further commentary on the attack by Sophos here.

Source: The Register

http://www.sophos.com/blogs/gc/g/2010/01/12/baidu-chinas-largest-search-engine

Researcher Uncovers Twitter, Google Calendar XSS Vulnerabilities

Filed under Software

A security researcher has uncovered vulnerabilities in Twitter and Google Calendar that could put users at risk.

In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. He also uncovered an HTML injection issue affecting Google Calendar that he said could be used to redirect a victim to an attack site any time the user viewed his or her Google Calendar agenda events.

According to Goldshlager, a penetration testing expert with Avnet Information Security Consulting in Israel, the cross-site scripting vulnerability can be exploited if a victim adds malicious code to his quick add post calendar.

“When the victim … [adds] this malicious code, his cookies [and] session ID will be stolen and will be sent to the attacker site,” he said. “Then the attacker will be able to get full control of the victim’s Google accounts like: Google Calendar account, Google Groups, iGoogle, etc.”

Goldshlager also demonstrated that the HTML injection vulnerability could be used to log a user out of his Google account, something the Google spokesman said “is of negligible security impact” and “can be avoided by not clicking on the link.”

“They should fix this immediately because an attacker can redirect a victim to any site that he wants, and [with] the XSS issue an attacker can steal the victim’s cookies and get full control of his accounts,” the researcher said.

Source: eWEEK

Twitter bans obvious passwords

Filed under Security

Twitter has decided that when signing up for a new account or changing your password, you can no longer use a password on a list of the most commonly used passwords. This is a great security measure that will protect users from themselves, and hopefully raise the awareness of the necessity for strong passwords.

Full list after the jump.

Twitter hack a result of phishing?

Filed under Hacks

According to Computer World, the attack against Twitter that redirected all traffic to a defaced site was due to DNS changes using an authorized account. Dyn Inc., the company that manages Twitter’s DNS, states that the changes were made using an authorized user, and that none of their servers were compromised, raising the possibility that the credentials were phished from a Twitter employee.

Twitter’s DNS was Hijacked

Filed under Hacks

In an update to the story from last night, “Twitter Hacked, Defaced By ‘Iranian Cyber Army’”, it appears that Twitter suffered a DNS hijack and that no user data was at risk.

The site is back online and running with no issues.

Twitter Hacked, Defaced By “Iranian Cyber Army”

Filed under Hacks

TechCrunch reports that Twitter was hacked and defaced at about 10pm PST tonight and is currently down (at the time of writing).

Below is a copy of the message:

Iranian Cyber Army

THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY

iRANiAN.CYBER.ARMY@GMAIL.COM

U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….

NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST ;)
Take Care.

At least one other site is affected: http://www.mowjcamp.org/, which is currently displaying the defaced page.

[twitter] DNS Rebinding Attacks Explained

Filed under Hacks

From @threatpost: DNS Rebinding Attacks Explained | http://bit.ly/5fGS2q

[twitter] ‘What the Hack’ star Ankit Fadia site hacked

Filed under Hacks

From @ThisIsHNN: RT @MTVIndia ‘What the Hack’ star Ankit Fadia site hacked – http://tr.im/GhbP

SSL Renegotiation Bug Successfully Used To Attack Twitter

Filed under Encryption, Hacks, Privacy

A Turkish grad student has devised a serious, real-world attack on Twitter that targeted a recently discovered vulnerability in the secure sockets layer protocol.

The exploit by Anil Kurmus is significant because it successfully targeted the so-called SSL renegotiation bug to steal Twitter login credentials that passed through encrypted data streams. When the flaw surfaced last week, many researchers dismissed it as an esoteric curiosity with little practical effect.

More at: darknet.org.uk