April 27th, 2009

Is Twitter finally taking security seriously?

Posted by Ryan Naraine @ 9:42 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Exploit code, Hirings and firings, Locally Running Web Servers, Malware, Passwords, Pen testing, Social Networking Applications, Viruses and Worms, Vulnerability research

Tags: Twitter, Cyberthreats, Security, Viruses And Worms, Ryan Naraine

Now that Oprah’s all a twitter, it looks like everyone’s favorite micro-blogging tool is finally taking a hard look at security.

According to a job listing posted online, Twitter is searching for software engineers to focus specifically on application and infrastructure security.

The search for security personnel follows several high-profile worm attacks that exploited security vulnerabilities on Twitter’s Web site and public complaints that the company did not think about securing its service until it was too late.

In addition to the worm attacks, malware purveyors and spammers have already infiltrated the popular messaging service and security researchers grumble that efforts to report software flaws are largely unsuccessful.

For now, Twitter is looking for staffers to handle the following responsibilities:

• Pro-actively look for ways to improve Twitter’s web security practices
• Analyze and improve security of existing Rails web application
• Design, implement, and maintain application security policy, standards, and procedures
• Run periodic application vulnerability assessments
• Refactor and improve maintainability of the codebase
• Rapidly fix bugs and solve problems
• Code using primarily Ruby and C
• Conduct design and code reviews
• Pair program
• Interface with product, front-end, and operations teams

ALSO SEE:

• Twitter being used to distribute malware
  
• CSRF vulnerability allows Twitter ‘follow’ abuse
• Commercial Twitter spamming tool hits the market

By the way, follow me on Twitter.