
Twitter Gives Details On Phishing Attack

Social networking firm outlines exploit that forced many users to reset their passwords

Feb 04, 2010 | 05:48 PM

By Tim Wilson
DarkReading

Social networking giant Twitter yesterday gave an explanation for the forced reset of user passwords that it issued earlier this week.

In an unusual blog post by Del Harvey, Twitter's director of trust and safety, the company offered details on the phishing attack, which was carried out through torrent sites.

"It appears that for a number of years, a person has been creating torrent sites that require a login and password, as well as creating forums set up for torrent site usage," the blog says. The perpetrator then sold "these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own," Harvey says.

"However, these sites came with a little extra -- security exploits and backdoors throughout the system," Harvey continues. "This person then waited for the forums and sites to get popular, and then used those exploits to get access to the username, email address, and password of every person who had signed up.

"Additional exploits to gain admin root [access] on forums that weren't created by this person also appear to have been utilized," the blog says. "In some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third party sites like Twitter."

Twitter hasn't identified all of the forums involved, and it probably won't be able to, Harvey says. "But as a general rule, if you've signed up for a torrent forum or torrent site built by a third party, you should probably change your password there," he advises.

The lesson: Don't use the same email address and password on multiple sites, Harvey warns.

"Through our discussions with affected users, we've discovered a high correlation between folks who have used third party forums and download sites and folks who were on our list of possibly affected accounts," the blog says. "While not all users who were sent a password reset request fall into this category, we felt that it was important to put this knowledge out there, so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account."
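Harvey's account implies the attacker walked away with plaintext usernames, emails and passwords from the compromised forums, which is exactly why reuse on a second site is dangerous. The following added example (not Twitter's code, and not from the article) shows how a site could triage a third-party leak like this defensively: check each leaked email/password pair against its own salted PBKDF2 hashes and force a reset only where the password was actually reused, while merely advising everyone else who appears in the dump. All accounts, salts and leaked credentials are constructed sample data.

```python
import hashlib
import hmac
import os

# Number of PBKDF2 rounds used by the (hypothetical) site's password store.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, the scheme this example assumes the site uses."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(email: str, password: str) -> dict:
    """Build a constructed user record with a fresh random per-user salt."""
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": hash_password(password, salt)}


# Constructed site accounts (hypothetical emails and passwords).
SITE_USERS = [
    make_user("alice@example.com", "correct-horse-battery"),
    make_user("bob@example.com", "hunter2-but-unique"),
    make_user("carol@example.com", "site-only-secret"),
]

# Constructed dump from a compromised third-party forum: email -> plaintext password.
FORUM_LEAK = {
    "alice@example.com": "correct-horse-battery",  # reused on this site: force reset
    "carol@example.com": "forum-only-password",    # different password: advisory only
    "dave@example.com": "whatever",                # no account here: ignore
}


def triage_leak(site_users: list, leak: dict) -> tuple:
    """Return (must_reset, advisory) email lists for a third-party credential leak.

    must_reset: the leaked password verifies against our stored hash (reuse confirmed).
    advisory:   the user appears in the leak but used a different password here.
    """
    must_reset, advisory = [], []
    for user in site_users:
        leaked_password = leak.get(user["email"])
        if leaked_password is None:
            continue  # not in the dump
        candidate = hash_password(leaked_password, user["salt"])
        # Constant-time comparison, so timing cannot reveal partial hash matches.
        if hmac.compare_digest(candidate, user["hash"]):
            must_reset.append(user["email"])
        else:
            advisory.append(user["email"])
    return must_reset, advisory
```

Run against the constructed data, `triage_leak(SITE_USERS, FORUM_LEAK)` returns `(['alice@example.com'], ['carol@example.com'])`: only the confirmed reuse is forced through a reset, the way Twitter's "possibly affected" list narrowed the blast radius.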
