April 14th, 2009

Twitter: Can it make security a priority?

Posted by Larry Dignan @ 4:10 am

Categories: General, Security, Social networking, Twitter, Web 2.0, Web Technology

Tags: Twitter, Dancho Danchev, Cyberthreats, Spyware, Adware & Malware, Security, Viruses And Worms, Larry Dignan

Twitter has been schooled by a 17-year-old hacker over a generic worm that has plagued the social messaging site. The big question: Can Twitter take security seriously as it wrestles with uptime issues?

Dancho Danchev has a nice dissection of Twitter’s worm issues. Twitter was hit with at least four variants of the StalkDaily.com XSS worm over the weekend and into Monday (Techmeme). In English, the worm hijacked accounts and advertised the author’s Web site. No real damage was done—this time. Next time that worm may deliver a malware payload. 

Dancho walks through the history behind how Twitter said it fixed the flaw only to have its pesky 17-year-old, Mikey Mooney, prove it wrong. Dancho’s real message is this:

With or without the malicious intent of spreading malware, Mikey’s persistent actions aiming to prove Twitter’s inability to fix the cross site scripting flaws are illegal, and so is the potential compromise of iReel.com for hosting purposes of the JavaScript code. And whereas these campaigns did not introduce malware or try to monetize the traffic by for instance installing scareware, different people have different motivations, so instead of waiting for the hardcore cybercriminals to take advantage of such flaws, Twitter should really start treating (trivial) cross site scripting flaws more proactively.

Of course, Twitter should be more proactive on security, but my hopes are extremely low. Why? Twitter can barely keep its own service running. Clearly, when a site is down a lot, security goes on the back burner. After all, what’s more important: Repeated Fail Whales or Mikey?

As Twitter scales, however, security is going to become a big problem. Twitter better get with the security program pronto.

Also see: Lesser of two security evils: Twitter Web or third-party clients?

How to end the Fail Whales? With Blue Whales.

Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic.


Talkback (most recent of 2)
RE: Twitter: Can it make security a priority?
Another article that leaves the facts behind and omits important details; for instance Twitter was on top of this and had identified and disabled this worm within hours. A quick look at the Twitter co...
Posted by: tiagara Posted on: 04/15/09
So True  GoodSource | 04/14/09
