☆Obaby's H4cking W0rld☆

Hack-Crack==Backdoors - RATs - Trojans // Binders-Packers - Rootkits

Cracking - Hacking - Zero-day Vulnerabilities - Grey Pigeon/Shangxing/PCShare - Trojan AV Evasion - Website Intrusion - Information Security

Unless you have been sleeping under a stone for the past four years then you must have heard about Twitter in some way or another. The original idea behind Twitter was to provide a social network where everyone can tell followers what he or she is up to. The only restriction with Twitter is that each message has to be 140 characters or less.

Most of the time it makes little sense to implement high-security features for services that do not deliver sensitive content. The original concept behind Twitter was simply to deliver short text messages of little value, and at first glance a Twitter account does not seem to be worth much. Twitter accounts are free, and the only information you are supposed to send out using Twitter is small talk (e.g. “Made lemon vanilla cupcakes with...”).

However, it didn’t take long for politicians, organizations and consultants to start using it in their marketing strategies or as a way to stay in touch with a large number of people. Whenever a well-known media personality joined Twitter (such as Oprah), a large number of fans would follow. As people and organizations relied on the service more and more, Twitter’s value increased, while its level of security did not change much. During the US presidential elections, politicians used Twitter as a way to quickly update the public about the latest news. Some people may also exchange information that is sensitive in nature by using the private message feature. There are also payment methods that rely on Twitter, such as Twitpay and Tipjoy. Twitter was never meant to be used as a payment service, yet people started creating ways to do exactly that.

When security is given little importance from the start, web applications tend to have vulnerabilities. In recent months, Twitter has taken quite a beating when it comes to security. The service has hosted worm attacks, spam and malware content. What sorts of vulnerabilities were exploited?

Earlier this month, a large number of Twitter accounts started linking to a particular website (StalkerDaily). The reason? A worm was exploiting a cross-site scripting (XSS) vulnerability in Twitter. The vulnerability was in the account settings page: a victim’s browser could be forced to update the profile URL so that it contained JavaScript code, which was then rendered into the victim’s profile page. This JavaScript did its job as a worm and attempted to infect any Twitter user who visited the infected profile. The vulnerability appeared to be a fairly standard XSS flaw. Even after Twitter said it had fixed the flaw, new rounds of a modified worm kept infecting Twitter users.
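The fix for a profile-URL XSS of the kind described above is output encoding plus a scheme allowlist on the stored value. The following is an added example, not code from the article or from Twitter: a hypothetical "before" renderer that drops the submitted URL straight into an `href`, beside a hardened version that only accepts absolute `http`/`https` URLs and escapes them for the attribute context. The sample URLs are constructed test inputs.

```python
import html
from typing import Optional
from urllib.parse import urlsplit

# Constructed profile URLs: two legitimate ones, then two hostile inputs a
# validator for the account-settings field must reject or neutralise.
SAMPLE_PROFILE_URLS = [
    "http://example.com/me",
    "https://example.org/blog",
    "javascript:alert(document.cookie)",
    'http://example.com/" onmouseover="alert(1)',
]

ALLOWED_SCHEMES = {"http", "https"}


def render_profile_link_vulnerable(url: str) -> str:
    """'Before': the stored URL is concatenated into the page unescaped."""
    return '<a href="' + url + '">' + url + '</a>'


def sanitize_profile_url(url: str) -> Optional[str]:
    """Accept only absolute http(s) URLs with a host; anything else is None.

    The allowlist also rejects scheme-relative (//host) and javascript: values.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return parts.geturl()


def render_profile_link_hardened(url: str) -> str:
    """'After': allowlist the scheme, then HTML-escape for attribute and text."""
    safe = sanitize_profile_url(url)
    if safe is None:
        return ""  # a real application would return a validation error instead
    escaped = html.escape(safe, quote=True)  # quote=True also escapes " and '
    return '<a href="' + escaped + '">' + escaped + '</a>'


def compare_renderings() -> dict:
    """Map each sample URL to (vulnerable, hardened) output for side-by-side review."""
    return {u: (render_profile_link_vulnerable(u), render_profile_link_hardened(u))
            for u in SAMPLE_PROFILE_URLS}
```

The hardened output for the attribute-breakout sample keeps the quote character as `&quot;`, so the injected attribute never leaves the `href` value.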

XSS worms were not the only problem Twitter faced. Some accounts on Twitter are worth more than others, such as Barack Obama’s or Britney Spears’ Twitter accounts. When these high-profile accounts were compromised, the attackers could reach thousands or even millions of followers and send them ‘funny’ messages as well as links to malicious code. These high-profile accounts were compromised because of a weak password used by Twitter’s own support staff.

Then there are the attacks that many other popular services are vulnerable to as well. Phishers have been known to target Twitter accounts: people receive direct messages on Twitter linking to web pages that look like a Twitter login screen. When it comes to encryption, Twitter still does not enforce it by default. Even if one chooses to use HTTPS instead of HTTP, Twitter is still vulnerable to Surf Jacking and similar attacks that downgrade an HTTPS session to HTTP and allow attackers to hijack Twitter accounts. Finally, spammers have recognised the value of Twitter and started using it as yet another platform for their unsolicited “business”.
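Why a downgrade to HTTP lets an attacker take over the session comes down to whether the session cookie carries the `Secure` flag. This added example (not from the article) uses Python's standard `http.cookiejar`, which implements the same rule browsers apply, to show which cookies a client would attach to a plain-HTTP request after logging in over HTTPS. The host `twitter.example` and both `Set-Cookie` headers are constructed placeholders.

```python
import http.cookiejar
import urllib.request
from email.message import Message

# Constructed session cookies: the first is what a site without the Secure flag
# hands out, the second is the hardened form.
WEAK_SET_COOKIE = "session=constructed-session-token; Path=/; HttpOnly"
STRONG_SET_COOKIE = "session=constructed-session-token; Path=/; Secure; HttpOnly"

LOGIN_URL = "https://twitter.example/login"  # placeholder host, not a real site


class _FakeResponse:
    """Minimal stand-in for the response object CookieJar.extract_cookies() expects."""

    def __init__(self, set_cookie_header: str):
        self._msg = Message()
        self._msg["Set-Cookie"] = set_cookie_header

    def info(self):
        return self._msg


def cookies_sent_to(set_cookie_header: str, request_url: str) -> list:
    """Store the cookie as if LOGIN_URL had set it over HTTPS, then report which
    cookie names the client attaches to a later request for request_url."""
    jar = http.cookiejar.CookieJar()
    login = urllib.request.Request(LOGIN_URL)
    jar.extract_cookies(_FakeResponse(set_cookie_header), login)
    later = urllib.request.Request(request_url)
    jar.add_cookie_header(later)  # applies the Secure-flag rule for http:// URLs
    header = later.get_header("Cookie", "")
    return [part.split("=")[0].strip() for part in header.split(";") if part.strip()]


def downgrade_exposes_session(set_cookie_header: str) -> bool:
    """True if the session cookie would travel in the clear once the browser is
    pushed to an http:// URL on the same host, i.e. it can be sniffed and replayed."""
    return "session" in cookies_sent_to(set_cookie_header, "http://twitter.example/home")
```

With the weak cookie the token is sent over plain HTTP and can be captured on the path; with the `Secure` flag the downgraded request carries no session at all, which is the mitigation Surf Jacking relies on being absent.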

One lesson we should have learnt by now is that for services with potential for growth, such as Twitter, security becomes an issue sooner or later. If it is not taken seriously from the start, it becomes far more expensive and generally harder to add security once the service has taken off. In the case of the XSS worm, the vulnerability appears to have been a classic XSS. Such vulnerabilities can easily be found through both automated testing and manual review. It would be a mistake to assume that such a web service only needs to be tested once. Websites, especially social networks, are dynamic, alive and constantly changing. Any code or feature update can introduce new security flaws, so periodic security reviews are required if such a service is to take security seriously.
Source: http://www.acunetix.com/blog/web-security-articles/learning-from-other’s-mistakes-twitter-security/
Copyright notice:
When reposting, please credit the original author: ☆obaby☆
Site name: ☆Obaby's H4cking W0rld☆
