Tag Archive | Twitter

Added Security for Twitter Users to Come Soon!

Two-Factor Authentication

From spam to ham, Twitter deals with a lot of security issues on a daily basis. What about viruses/malware? I’m sure, yes. But, more importantly: account security. What do Twitter users need? Security assurance!

Therefore, Twitter is developing and perfecting a two-factor authentication method that will allow Twitter to not only ask for a password, but also a different credential to be sure of who is accessing your account.

From recent issues with Twitter accounts being hacked, it is best to have this in place, before it happens to other high profile organizations. Some of the recent organizations hacked were high profile including the Associated Press‘s account, CBS 60 Minutes account, and the BBC’s account.

Expect a shift in all online high profile websites switching to two-factor authentication. Apparently, it is the go-to emergency security solution.

Recent Hacks: NBC.com, Twitter, and Zendesk – Warnings: Tumblr, Pinterest

After dealing with multiple attacks on several sites, including Apple, Facebook, and Twitter – this being Java exploits. Now, it’s time to deal with more hacks, including NBC.com (which has been serving up malware for a day now) and Twitter. As in recent reports now, Tumblr and Pinterest have been forewarned.

The latest high profile organization that was recently hacked is the National Broadcast Company (NBC), more specifically on their website. The idea from the hackers is to use the website to infect visitors, using exploits and other JavaScript injections.

NBC.com’s hacked pages were modified to include additional HTML component called IFRAME, which is inline frame. This allows at least a 1px x 1px frame to be included independently in the webpage, which may contain malicious code. In HTML code, frames can be made to host web content. But, in the hands of the evildoers, aka cybercriminals, it is used as an effort to launch malware campaigns.

Malicious JavaScript was added to the mix, and also used the exploit kit called RedKit. It delivers one of two exploit files to try to take control of your browser.

I recognized something was wrong with NBC.com, which may have already been hacked a few weeks ago, and I posted the information on my Twitter account that a downloaded file was sent to my browser asking me to save or open it. This was on a sister site/blog, RedTape. I asked people to replicate it. The Twitter status can be found here.

What type of malware was delivered? Citadel or ZeroAccess, which are both crimeware families and botnets. They are usually part of several exploit kits.

This drive-by download situation is no good, as the pages were taken offline. Therefore, that dropped the traffic of those specific areas of the site. It is sure that this situation is a matter of cybercrime aimed at a financial side of things, not defacement or pranks.

Was it a big deal that it was NBC? No. In fact, it is sure the hackers were aimed at using a high-profile site, and apparently NBC.com was the easiest or quickest to access. Hackers rely on time and many other factors to make their approach(es).

Zendesk hacks and other various warnings

Zendesk is all about customer support…therefore no one really knows, except for those in the business of customer support. Big names use this service, which include Tumblr, Twitter, and Pinterest, among others. Hackers broke into the Zendesk systems, accessing email addresses of those big name customers, namely Twitter, Tumblr, and Pinterest.

How “pinteresting” that another hack has been born, which is related to a social network. Zendesk detailed the hack:

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

The companies involved made a point to tell its customers that they haven’t been hacked, but private information was stolen. Luckily, no password thievery was involved.

Obviously, an incident like this, just like the NBC.com incident, needs to be taken very seriously. Something must be done to stop the continuous hacks.

Twitter hacks additionally are nothing new. Many times, hackers used a backdoor, such as the tools the support team uses, to infiltrate the information of Twitter users. It’s not a huge gain, more possibly a waste of time.

Twitter ‘Unintentionally’ Sends Load of Reset Password Emails

A recent technical issue on Twitter sparked a bit of controversy, as users reported in Thursday saying they received password reset emails for their account. What was thought to be a compromise of Twitter via hacking, was actually just an unintentional security measure by Twitter.

According to TechCrunch, Twitter said that, in the course of its normal checks for compromised accounts, the company “unintentionally reset passwords of a larger number of accounts” than was necessary.

In addition to the details of the issue, Twitter made a statement, “We apologize for any inconvenience or confusion this may have caused.”

Part of this issue comes at no surprise that security researchers or Twitter users would think of it as a hack, because of Anonymous planning to attack Facebook recently, particularly on Guy Fawkes Day this past Monday.

This is just a good reminder that Twitter users should probably head to the social networking site and change their passwords, in case Twitter has not done either, A. disclosed enough information about the issue, and B. If it hasn’t been changed in a while.

However, if you cannot get in to your Twitter account, check the email you used when registered with Twitter, and see if a password reset email was sent to you. Don’t forget to check your spambox, just in case you don’t see it in your inbox.

When changing your password, please keep in mind a secure password, which we explain at this link.

r00tbeer or r00tbeersec Making Rounds with AMD, Data Breach

New hacking group dubbed r00tbeersec, with main leader r00tbeer has posted details about an attack on AMD blogging, the Intel chips rival. Some 30 KB of data was apparently stolen, that contained a total of 189 usernames/passwords from their WordPress blog site.

The main AMD blogs site shows the following image (after redirect):

Blackhole Malware on Twitter: “It’s you on photo?”

Common Twitter scams have been highlighted over time by many security organizations. Please take note of the intro below, and then see the full investigation by Sophos:

If you are a Twitter user please be very cautious of clicking on links that claim you are pictured in an online photo.

Thousands of malicious links are being spammed out, targeting innocent users of the micro-blogging network.

The links point to Russian webpages that ultimately attempt to infect your Windows PC using the notorious Blackhole exploit kit.

Read more on Sophos Blog
Kaspersky Lab E-Store

Twitter Ordered to Submit ‘Occupy Movement’ Data

A New York Judge has ordered Twitter to submit user data on an account related to an Occupy Movement protester:

The case, which the judge called one of “first impression,” concerns Malcolm Harris, who was among hundreds arrested Oct. 1 in an Occupy movement march along the Brooklyn Bridge.

Prosecutors sought tweets made to Harris’ account “to refute the defendant’s anticipated defense, that the police either led or escorted the defendant into stepping onto the roadway of the Brooklyn Bridge.”

While the outcome was expected, the case was being closely watched as the authorities increasingly monitor and move to access material posted on social networks. And the decision comes as Twitter reported that, for the first six months of the year, the United States sought information on Twitter user accounts 679 times, and Twitter produced some or all of the information 75 percent of the time.

Read more on this story now

Celebrity Nude Photos Trouble Rising Up

There are continuing stories repeatedly of nude photos being stolen from celebrities through hacks and other leaks across the internet. What the problem is, it reveals immorality maybe, but also violates the privacy of the celebrity.

It’s none of anyone’s business but the celebrity itself, on why they decided to post nude photos on the insecure internet. Whether you believe it or not, celebrities reveal way too much personal data too, except in different ways.

Of course, you’ll rarely get to access a celebrity’s Facebook account, or friend them. Now, seeing a Twitter account of a celebrity is probably more likely, but it’s probably not a personal account.

Personal social networking accounts for celebrities are unlikely to be public, and unlikely to be noticed, also! So, at least they know how to handle themselves in social networking. After all, it could cost them their job, for involvement in social networking.

Back on topic…Let’s example Scarlett Johansson’s situation, where Christopher Chaney was held guilty for hacking/leaking the nude photos of this celebrity. Even the same hacker got Mila Kunis’s photos as well.

Now, according to media reports, prosecutors have filed documents at the US District Court in California, calling for 35-year-old Chaney to spend 71 months in prison, and pay over $150,000 in restitution.

To avoid this situation, celebrities listen up: secure your email account with a better password!! End-of-story.



Mobile Location Tracking Featured Removed from Facebook

Facebook launched a new feature this past Sunday, which was a location tracking feature that allowed users to see which of their friends were nearby. This feature has been quickly removed, after quick evaluation. The executive team at Facebook seems to not have their head on straight, or maybe the risk platform is too high right now, but it’s time to get the act together in thinking about the security and privacy of every human user of Facebook.

The feature, like all other strange features, turned itself on by default. Which means anyone and everyone would be vulnerable. This type of feature can easily broaden the range of stalkers and make it easier for people to track your location.

As if FourSquare or Facebook Places wasn’t bad enough, this feature grinds many gears in the security world. Why release privacy-violating features, when you know it’s possible they will be removed.

Or let’s see it in Facebook’s eyes: “We’re always testing new features”. IS THAT THE KEY TO YOUR BUSINESS PLAN? For what it’s worth, Facebook, there are a lot better ways to stretch your business without hurting the privacy of others. WHY does every new feature have to do with privacy? Hello! The target of social networking is to bring people closer mentally/emotionally (already connected public friends), but not physically closer.

It’s time to think, Facebook! This may seem like a good idea for some, but for security researchers and others: pure privacy torture!

Eventful Summer Heating Up for Computer Security

Whether it’s the Olympics possible terrorism, or the cyberwar heating up, an eventful Summer for computer security is on the way!

Some of the biggest computer security issues in the coming weeks of the Summer include (no specific order):

  1. Olympic games, possible terrorism involvement. Also, look out for scammy/spammy emails, including different issues – such as: Watch Olympic results online now, or even Win Free Tickets to the Olympics. Websites that allow broadcasting for the Olympics are going to be highly targeted. Look out for issues, especially when a lot of people from a lot of different countries want to check it they’re team won.
  2. Your Summer Vacation, may be the time where you lose your smartphone or laptop or tablet, etc. Be careful not to take too many gadgets…after all, the more you have with you, the more you have to keep track. If you’re commonly irresponsible or less careful, then try to take only one-to-two devices at maximum. Also, don’t be announcing to Twitter, Facebook, FourSquare, etc. that you are leaving your home for a while. This produces a great home security risk, mainly for people whom know where you live.
  3. Politics and cybercrime don’t mix well! Expect trouble in your inbox, pasted all over advertising, etc. about the upcoming Presidential Election. Don’t click on ads in different websites, or in spam emails about politics. It’s a bunch of propaganda, FUD, and mindless brainwashing…that’s just half. The other half: malware of course! 😀
  4. Black Hat & DefCon conferences are this Summer. Expect no less than a wild ride for vulnerabilities, strange new malware, and lots of fancy code to look at. But seriously, don’t fall for vulnerabilities. Keep your computer secure by following the ad below. It’s an ad you SHOULD click on!

In order to protect your computer against these types of threats, it is recommended to have a good Internet Security suite, that protects your computer against malware and protects your inbox against spam attacks:

%d bloggers like this: