Peaches
Posted May 27, 2009

27 May 2009, 12:34

Twitter API facilitates worm propagation

"Security specialist Aviv Raff reports that the Twitter API can be exploited to spread worms. Among other things, the Twitter API allows users to configure, manage and query the status of their accounts using HTTP requests. Responses are delivered in the form of an XML or JSON document.

The twitpic.com photo sharing service is among the application sites that use the API, for example, to retrieve or import a user's Twitter profile. According to Raff, until recently Twitpic didn't filter HTML tags from the original Twitter profiles, so profiles containing JavaScript could be saved in Twitpic.

Although Twitter (twitter.com) was filtering out the tags when a profile was requested, Twitpic (twitpic.com) did not and was returning the code along with the profile – which then executed in the requesting user's browser. This could not only be exploited to spy out users' Twitpic accounts, the code could also use the Twitter API to automatically send a tweet with an image link on behalf of a logged-in user."

Heise security for more detail - http://www.h-online.com/security/Twitter-A...n--/news/113386
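Added example, not part of the original post or the quoted article, and not Twitter's or Twitpic's code: a site that imports profile data over an API has to treat every field as untrusted and encode it when it renders the page, whatever filtering the source site applies on its own pages. The sample profile document, its field names and all function names below are constructed for illustration.

```javascript
// Constructed sample of a profile document as a consuming site might
// receive it from a third-party API (field names are assumptions).
const sampleProfileJson = JSON.stringify({
  screen_name: "example_user",
  name: "Example <b>User</b>",
  description: "Photos & more <script>/* constructed marker */</script>",
  url: "javascript:void(0)"
});

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) links; any other scheme is dropped.
function safeHttpUrl(value) {
  try {
    const u = new URL(String(value));
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null; // not a parseable absolute URL
  }
}

// The pattern the article describes: imported fields are concatenated
// into the page unchanged, so markup in a profile reaches the browser.
function renderProfileUnfiltered(p) {
  return `<div class="profile"><h2>${p.name}</h2><p>${p.description}</p></div>`;
}

// Hardened rendering: every imported field is encoded at output time,
// and the profile link is emitted only if it passes the scheme check.
function renderProfile(p) {
  const link = safeHttpUrl(p.url);
  const linkHtml = link
    ? `<a href="${escapeHtml(link)}" rel="nofollow noopener">${escapeHtml(link)}</a>`
    : "";
  return `<div class="profile"><h2>${escapeHtml(p.name)}</h2>` +
    `<p>${escapeHtml(p.description)}</p>${linkHtml}</div>`;
}

const profile = JSON.parse(sampleProfileJson);
console.log("unfiltered:", renderProfileUnfiltered(profile));
console.log("encoded:   ", renderProfile(profile));
```

Encoding at render time in the consuming site is what matters here; the data arrives through the API as stored, so filtering applied only on the source site's own pages does not protect the importer.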