sorinmustaca.com – Sorin Mustaca – personal blog. Security software, agile development, scrum, programming and more

onMouseOver() Twitter security flaw (+Update)

21.09.2010 (5:51 pm) – Filed under: News,security

A cross-site scripting (XSS) flaw is being widely exploited on Twitter: a specially crafted tweet makes twitter.com run script and pull in content from third-party websites without the user's consent.

The flaw abuses the HTML onmouseover event handler attribute, whose JavaScript the browser runs whenever the mouse pointer passes over the text or link it is attached to. Anyone can use it to create simple popups, redirect the page somewhere else, retweet messages or hide parts of the tweet.

The link in the tweet has to be constructed so that it starts with http://twitter.com/<text>@”onmouseover=”<code>”. When twitter.com renders the tweet it wraps the URL in a link; the double quote after the @ closes the href attribute of that link, and the rest of the URL is parsed as a new onmouseover attribute on it.

The problem is that twitter.com does not escape the quote when it builds the link, so instead of filtering the code out it hands it to the browser, which executes it as soon as the pointer passes over the tweet.
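The bug class described above, as an added example that is not Twitter's code: a toy auto-linker written for this post in Python. linkify_unsafe pastes the matched URL into the HTML unescaped, linkify_safe escapes it for the attribute and text context it lands in, and anchor_attributes parses the result with the standard-library HTML parser to show which attributes a browser would actually see. The URL regex, the function names and the constructed tweet (with alert(1) standing in for whatever follows onmouseover=) are assumptions of the example.

```python
import html
import re
from html.parser import HTMLParser

# A naive auto-linker's idea of a URL: "http://" up to the next whitespace.
# This regex is an assumption of the example, not twitter.com's real one.
URL_RE = re.compile(r"http://\S+")

# Constructed tweet following the pattern from the post; alert(1) is a
# placeholder for the attacker's code.
PAYLOAD_TWEET = 'look at this http://twitter.com/x@"onmouseover="alert(1)" :)'


def linkify_unsafe(tweet: str) -> str:
    """Vulnerable: the URL is pasted into the HTML unescaped, so the quote
    after the @ terminates the href value and the remainder of the URL is
    parsed as further attributes of the <a> tag."""
    return URL_RE.sub(
        lambda m: '<a href="%s">%s</a>' % (m.group(0), m.group(0)), tweet)


def linkify_safe(tweet: str) -> str:
    """Hardened: every untrusted fragment is escaped for the HTML context it
    is written into. html.escape(quote=True) turns " into &quot;, so the href
    value cannot be terminated early; the text around the URL is escaped too."""
    out, pos = [], 0
    for m in URL_RE.finditer(tweet):
        url = html.escape(m.group(0), quote=True)
        out.append(html.escape(tweet[pos:m.start()], quote=True))
        out.append('<a href="%s">%s</a>' % (url, url))
        pos = m.end()
    out.append(html.escape(tweet[pos:], quote=True))
    return "".join(out)


class _AnchorCollector(HTMLParser):
    """Records the attributes of each <a> tag as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.anchors = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.anchors.append(dict(attrs))


def anchor_attributes(fragment: str) -> list:
    """Attribute dicts of all <a> tags in an HTML fragment."""
    parser = _AnchorCollector()
    parser.feed(fragment)
    parser.close()
    return parser.anchors


if __name__ == "__main__":
    for name, render in (("unsafe", linkify_unsafe), ("safe", linkify_safe)):
        attrs = anchor_attributes(render(PAYLOAD_TWEET))[0]
        print(name, "href=%r onmouseover=%r"
              % (attrs.get("href"), attrs.get("onmouseover")))
```

In the unsafe rendering the parser reports href as just http://twitter.com/x@ and a separate onmouseover attribute; in the safe rendering the whole string, quotes included, survives as the href value and no event handler exists. Escaping for the output context is the fix; rejecting quotes and other unexpected characters when validating the URL in the first place is a sensible second layer.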

To sidestep the problem, use a third-party client or website to work with Twitter. These talk to the Twitter API directly rather than through the twitter.com web interface, so the vulnerable page is never loaded (provided the client itself does not render tweet text as HTML).

Another solution is to use the mobile website, which doesn’t seem to have the flaw.

Update: Twitter fixed the problem: http://blog.twitter.com/2010/09/all-about-onmouseover-incident.html

When the whales fly (or Twitter hiccups)

29.06.2010 (10:39 am) – Filed under: General,News

From time to time, the users of Twitter are unable to login on the official website.

Sometimes the screen below can be seen, sometimes just a timeout error. Interestingly enough, after you refresh a couple of times you are able to do whatever you were trying to do, and the error does not come back until you log in again.

http://twitter.com/503

There can be many reasons for this error, from a simple overload to a distributed denial of service, which we know happened on August 6, 2009 [1].
But the most common reason is that too many users (or services) are trying to access the Twitter services simultaneously. In this case the servers behind the twitter.com domain are overloaded and cannot fetch the information needed to let you in. The corresponding HTTP status is reported: 503 Service Unavailable.
But what is this error, and why are we able to see it when the web servers are not available?
There's a trick.

Even when the application behind a site cannot serve requests, the web server or proxy in front of it can still answer with a small static error page, and that is the page you are looking at. A 503 is typically served in the following circumstances:
- Too many simultaneous connections: the server has reached its connection limit.
- The site has been taken offline on purpose, usually for a site upgrade, and the server is configured to answer 503 in the meantime.
- A load balancer (usually a normal HTTP server with mod_proxy_balancer loaded) reports it when no balancer member is able to serve the request.

So, is this really the case with Twitter?
It may be… considering the fact that various sources report that Twitter has more than 200 million users.
In order to find out more about Twitter’s outages please read Wikipedia [1]

What to do when the whale flies?
Be patient.

Legend:
[1]. http://en.wikipedia.org/wiki/Twitter#Outages

And now Amazon is being used to advertise the Canadian Pharmacy

22.06.2010 (8:24 am) – Filed under: Spam & Phishing

Remember this post about emails which look like Facebook and Twitter phishing at first sight?
http://msorin.wordpress.com/2010/05/20/facebook-and-twitter-phishing-on-first-sight/

Now Amazon.com got hit quite massively: Read more here in the Avira Techblog

Facebook and Twitter Phishing (on first sight)

20.05.2010 (5:51 pm) – Filed under: General,Spam & Phishing

The source of the articles is in the Avira Techblog:
Twitter Phishing (on first sight)
Facebook Phishing (on first sight)

Twitter

Over the weekend our spam traps received a massive wave of emails looking like the one below:

The emails seem to stem from “Twitter Support” (support@twitter.com), and each is addressed to exactly one unique email address. The link in the email seems to be unique for each email sent, too. Quite an effort to make the email look more legitimate. The target link is always a compromised website hosting an HTML page.


After clicking on the URL, a multi-stage redirection takes place. On some of these redirection websites the intermediate page raises alerts, because our engine detects encrypted (obfuscated) JavaScript in it.

Finally comes the surprise: The target website at the end of the redirects is not a phishing website but a Canadian online pharmacy.

For me personally this was a “Wow!” moment. Why did the spammers choose to send the emails as Twitter phishing? I think that the explanation is simple – they did it because nobody did it before.

As usual, users of the Avira Premium Security Suite and the users of our gateway products have no reasons to fear: the emails are detected as phishing and all target URLs are blocked.

Facebook

Three weeks ago our spam traps received massive amounts of spam mails which looked like Twitter phishing. That Twitter scheme obviously doesn't work any more, as we now see plenty of mails which look like Facebook phishing instead.

The mails seem to stem from “Facebook” and use unique sender addresses that look like “notification+@facebookmail.com”.
Some observations about the current spam mails:

* Almost all the spams we’ve seen come from Russia (the “received” headers show that the sender sits in russian networks)
* There is always a fake Message-ID similar to the one from Facebook :
* The header “X-Mailer: ZuckMail [version 1.00]” is always the same
* There is an additional header, Errors-To, carrying another email address at Facebook: “notification+@facebookmail.com”
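The header observations above turned into a check, as an added example that is not from the Avira article: it runs over two constructed messages using Python's standard email module. Hostnames, IP addresses, mail addresses and Message-IDs in the samples are made up, and the function names are mine. The “sender sits in Russian networks” observation is deliberately left out, because it needs a GeoIP or whois lookup on the connecting IP and cannot be answered offline.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Domains the spam claims to come from, and the constant X-Mailer string the
# post reports for this wave. Both come from the observations above.
IMPERSONATED_DOMAINS = ("facebookmail.com", "facebook.com")
WAVE_XMAILER = "ZuckMail [version 1.00]"

# Constructed sample modelled on the observed headers. Hosts, IPs, addresses
# and the Message-ID are invented; only the header shape matters here.
SAMPLE_PHISH = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org (Postfix) with ESMTP id 4C9A1B2
\tfor <victim@example.org>; Thu, 20 May 2010 16:12:00 +0200
From: Facebook <notification+abc123@facebookmail.com>
To: victim@example.org
Subject: You have 1 unread message
Message-ID: <constructed.1274364720.1@facebookmail.com>
Errors-To: notification+def456@facebookmail.com
X-Mailer: ZuckMail [version 1.00]
Content-Type: text/plain; charset=us-ascii

Your friend sent you a message: http://198.51.100.7/login/
"""

# Constructed newsletter from the same relay, impersonating nobody.
SAMPLE_LEGIT = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org (Postfix) with ESMTP id 4C9A1B3
\tfor <victim@example.org>; Thu, 20 May 2010 16:13:00 +0200
From: Example News <news@example.net>
To: victim@example.org
Subject: Weekly digest
Message-ID: <constructed.1274364780.2@example.net>
Content-Type: text/plain; charset=us-ascii

This week's links are at http://www.example.net/digest/
"""


def domain_of(address) -> str:
    """Lower-cased domain of a mail address or Message-ID, '' if there is none."""
    addr = parseaddr(str(address))[1]
    return addr.rpartition("@")[2].lower()


def in_domains(host: str, domains) -> bool:
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def connecting_host(msg) -> str:
    """Host in the 'from' clause of the topmost Received header. That header was
    written by the recipient's own MX and is the only hop the recipient can
    trust; every Received line below it arrived with the message."""
    received = msg.get_all("Received") or []
    if not received:
        return ""
    m = re.match(r"\s*from\s+([^\s(;]+)", str(received[0]), re.I)
    return m.group(1).lower() if m else ""


def phishing_indicators(raw_message: str) -> list:
    """Names of the indicators from the post that the message matches."""
    msg = message_from_string(raw_message, policy=default)
    host = connecting_host(msg)
    host_impersonated = in_domains(host, IMPERSONATED_DOMAINS)
    from_domain = domain_of(msg.get("From", ""))
    claims_impersonated = in_domains(from_domain, IMPERSONATED_DOMAINS)
    found = []
    if claims_impersonated and host and not host_impersonated:
        found.append("From claims %s but delivered by %s" % (from_domain, host))
    if claims_impersonated and str(msg.get("X-Mailer", "")).strip() == WAVE_XMAILER:
        found.append("X-Mailer equals the constant string of the spam wave")
    errors_to = msg.get("Errors-To")
    if errors_to and in_domains(domain_of(errors_to), IMPERSONATED_DOMAINS) \
            and not host_impersonated:
        found.append("Errors-To points at the impersonated domain")
    if in_domains(domain_of(msg.get("Message-ID", "")), IMPERSONATED_DOMAINS) \
            and not host_impersonated:
        found.append("Message-ID claims the impersonated domain")
    return found


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_indicators(raw))
```

Only the topmost Received header is consulted; anything below it came with the message and can say whatever the spammer likes. The domain-versus-delivering-host comparison is a heuristic, since legitimate bulk senders often relay through separate domains, so it should feed a score rather than give a verdict on its own; SPF and DKIM alignment is the formal version of the same question.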


We asked ourselves why the cyber criminals go to so much trouble creating a phishing email that only redirects the victim to an online pharmacy website. There are PROs and CONs to sending phishing emails that impersonate sites like Twitter and Facebook:

PRO: Each of these sites has at least 100 million users worldwide, so the spammers can reach a huge audience. If even 0.01% of the recipients buy something from the pharmacy website, the operation was a success.

CON: Such a primitive phishing mail is a very bad idea because it is very easy to detect. Practically, it gives a clear indication of phishing even to basic detection algorithms like those built into Thunderbird.


Bottom line: the spammers are just trying everything to get some attention and, with it, buyers.


Are your tweets through Twitterfeed and Ping.fm no longer published?

06.05.2010 (8:59 pm) – Filed under: General,News

Are you using Twitterfeed and Ping.fm?
Are your tweets no longer published?

Then you didn’t read Twitter’s post here: http://dev.twitter.com/

  • June 30, 2010: The @twitterapi team will be shutting off basic authentication on the Twitter API. All applications, by this date, need to switch to using OAuth.

So, the solution is to switch to OAuth.
Ping.fm is now able to use this: https://ping.fm/twitter/

Guys at Twitterfeed and Ping.fm: are you stupid?!
You f**ed up a lot of messages and you made a lot of people in this world !
Shame on you.

I am getting more and more spam like this

12.03.2010 (9:55 pm) – Filed under: General

I am getting more and more spam like this: http://techblog.avira.com/2010/03/11/twitter-spam-getting-slim-with-slim-urls/en/

Using ping.fm

28.08.2009 (10:15 am) – Filed under: News

I have too many services that I like to use: Facebook, LinkedIn, Twitter, this blog and others.

But how can I keep them synchronized? I can't... because they are just too different.

I found by accident a service which can. It is called Ping.fm and it actually works: I write something in one place and it is automatically posted to all the above websites.

This is cool...
Expect more info from me ;)

Twitterfeed

21.08.2009 (10:19 am) – Filed under: News

I found a new service which promises to publish any RSS feed to a Twitter account every 30 minutes.
It is called “Twitterfeed”.

Let's see if this post reaches my Twitter account: http://twitter.com/sorinmustaca