Three Ways Twitter Security Fails

[Peaches]

Three Ways Twitter Security Fails

Joan Goodchild, CSO

Sunday, February 22, 2009 8:10 AM PST "Despite the popularity, Twitter still a lot to do when it comes to securing the platform. (See "3 Ways a Twitter Hack Can Hurt You.") Two security experts weighed in about three areas where Twitter poses some significant risks. URL shortening: Twitter "Tweets" have a character limit of 141 characters. Many users enter urls that are too long and which are automatically truncated with a shortening service, such as TinyURL. Users can't tell where the link is going when they scroll over to it.

This makes it much easier for hackers to send out faulty or malicious links, according to Mike Murray, CISO at Foreground Security, a Florida-based security consultancy.

"With these new mediums, we've gone back to 1997 in terms of the way we act," said Murray. "When email first came out, everyone sent out forwards and all of this other stuff and everyone opened it. And we've spent the last ten years convincing people bad things can come from opening emails you don't trust. We are inoculated against that in email. We are not inoculated against that in Twitter and Facebook. We trust the people we talk to and that talk to us."

"We've been saying to people for ages: 'Be careful which links you click on and make sure it really is who it claims to be,'" said Graham Cluley, a senior technology consultant with UK-based security firm Sophos. "If you are clicking on something that is a tiny url, you don't know where you are going to end up. It is harder to check and reassure yourself about where you are really going."

PC World Story: http://www.pcworld.com/businesscenter/arti...rity_fails.html