Twitter Clickjacking Hack Potential Revealed

Twitterjacking? Tweethacking? Too early for a clever name yet, but a proof of concept for a clickjacking hack aimed at Twitter's "What Are You Doing" update has been released. The hacks themselves may not be far behind.
The clickjacking strategy -- overlaying essentially invisible links to attacker-controlled pages on top of the buttons a user believes they are clicking -- for taking over Twitter users' update boxes was unveiled in a proof-of-concept blog posting.

So far no instances of this approach being used in the wild have been reported in the two weeks or so since the concept was made public.

Leaving aside the question of whether making such hacks public is appropriate, and the so-far benign results of this particular one -- the attacker would be able to post updates on the user's Twitter homepage -- the point here is that we have yet another Twitter vulnerability a month or so after some higher-profile Twitter hacks.

And the problem is potentially far from benign. Think what a simple "We're Going Out Of Business" or "Our Products Have Been Recalled" tweet sent to all of your followers would do to your business.

One more reminder to keep your employees as much on guard when social networking as when doing anything else on the Web.

And as for a name for the exploit, should it ever show up in the wild?

How's this:

Twicking!
