Clickjacking Attack on Twitter

Last year Twitter responded to its first clickjacking attack. No one has seen any negative repercussions from the attack, but users could have potentially compromised their security by falling for the prank.

The scheme involved the phrase “don’t click” followed by a link. Of course, many of those who received the message clicked on the link out of curiosity. This led to another screen that said “don’t click.” When this link was clicked, nothing seemed to happen, but the message contained javascript that replicated itself and sent it out to everyone following the person’s tweets.

Many people passed it on without knowing that they had ever been duped by some sneaky programming.

Like many clickjacking schemes that use social networking tools, the message spread like wildfire.

Within just six hours the message had spread to 260 users and continued to grow exponentially. Twitter caught on quickly, though, and shut down the clickjacking scheme. According to the company’s representatives, it did not take them very long to identify the problem and solve it.

Even though the “don’t click” clickjacking attack didn’t spread any malware or steal information, it shows that Twitter users should be more careful. Their actions could have more serious consequences.

It’s good to see that Twitter responded so quickly to the threat. This indicates to me that they have a crack team of security specialists who understand the potential threats that could harm their members.

I suppose that the ultimate lesson here, though, is that while you can’t believe everything that you see on Twitter, you can be fairly certain to not do things when instructed not to do them.

You can read more about “don’t click” at Sunlight Labs, CNET, and Daniel Sandler’s blog.

Advertisements
Explore posts in the same categories: Uncategorized

Tags: , , , , , , ,

You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: