Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our specialty !
 

WHID 2009-31: Double Clickjacking Worm on Twitter

 
trihub
Posted: Thu Aug 27, 2009 1:51 pm    Post subject: WHID 2009-31: Double Clickjacking Worm on Twitter

Source: http://www.xiom.com/whid/blog

Twitter is certainly bypassing Facebook as the most popular site out there, at least when it comes to security incidents. This time somebody decided to abuse Twitter to demonstrate Clickjacking, an attack that RSnake and Jeremiah Grossman re-christened at the OWASP conference in New York in September.

A well-placed button labeled "don't click" makes people click on it, actually sending a Twitter message. Sunlight Labs have a very interesting report showing the rate of propagation of the worm.

Cnet reports the worm spread on Feb 12th in two pulses. After the Twitter people closed the loophole the 1st time, somebody bypassed the patch to restart the worm's spread.

Chris Shiflett provides a very good technical analysis of the worm.
All times are GMT