Researcher reveals Twitter ‘follow’ bug
August 1, 2008 – 9:56 AM
Attackers can exploit a bug in Twitter to force victims to follow the hacker’s account, a security researcher said Thursday.
According to Aviv Raff, the Twitter vulnerability could expose users to malware-hosting Web sites. “It can force people to follow you, which means all your twits will be showed in their Twitter home page — including potentially malicious links,” Raff said during an interview conducted via instant messaging.
On a site dubbed “Twitpwn” that he launched earlier Thursday to report research he’s done on the social networking and micro-blogging service, Raff spelled out only the basics. “Twitter security team was notified on 31-July-2008,” he said on the site. “Technical details will be added as soon as this vulnerability will be fixed.”
Twitter will have a fix in place by Friday, Raff added.
An attacker can currently leverage the bug by tricking users into clicking on a link on a malicious or hacked Web site. From that point, the victim’s Twitter account is automatically set to follow the attacker’s.