Clickjacking Twitter status updates

Twitter is not immune to clickjacking. So far, there have been at least two proofs of concept showing that a clickjacking attacker can abuse Twitter. The most recent one focuses on creating fake links that give the attacker access to the user’s “what are you doing?” status. Dark Reading blogger Kelly Jackson Higgins wrote about this method in an article last year.

What are the possible repercussions of this attack?

Most of them are just kind of annoying. The clickjack hacker could, for instance, use your account to publicize a product, service, or event. Or maybe the hacker gets a thrill out of posting embarrassing status updates. These instances will irk you, but they don’t cause serious problems.

Hijacking someone’s status updates, however, could give hackers access to hundreds or even thousands of followers. When these updates link to websites that host viruses, worms, or other clickjacking attacks, they can create serious problems for large numbers of people.

Twitter has responded quickly to clickjacking attacks, but the company hasn’t yet found a way to completely prevent them. It is, therefore, inevitable that some people will fall victim to a clickjacking attack before Twitter recognizes the problem. The best way to protect yourself? Pay attention to the information that you see in Tweets and choose carefully before you decide to follow any links. If a Tweet seems out of character, it could be the result of a clickjack.
