Comments on: Waves of Twitter attacks erode trustworthiness of Tweets http://lastwatchdog.com/waves-twitter-attacks-errode-trustworthiness-tweets/ on Internet security by Byron Acohido Fri, 03 Feb 2012 18:38:32 +0000 hourly 1 http://wordpress.org/?v=3.0.4 By: Caroll Passmore http://lastwatchdog.com/waves-twitter-attacks-errode-trustworthiness-tweets/#comment-3305 Caroll Passmore Sun, 12 Dec 2010 20:57:11 +0000 http://lastwatchdog.com/?p=2974#comment-3305 Have been looking at doing site optimization and bettering the design on my website for a long time, so this website has been very useful. Clear read also, so thank you! Have been looking at doing site optimization and bettering the design on my website for a long time, so this website has been very useful. Clear read also, so thank you!

]]> By: Alexandru Catalin COSOI http://lastwatchdog.com/waves-twitter-attacks-errode-trustworthiness-tweets/#comment-792 Alexandru Catalin COSOI Tue, 29 Sep 2009 14:04:35 +0000 http://lastwatchdog.com/?p=2974#comment-792 Great article Byron! Even though the most evident emerging threat right now in social networks is the increasing number of URL shortening services, this appears to be a problem mostly on Twitter due to the 140 character limit on posts. Ths use of shortened URLs on other social networking sites such as Facebook or MySpace hasn't been adopted by the masses yet. The most important aspect of social networks is trust. Even though email spam is annoying and can take up a lot of time, people usually have some idea if the email is spam or legitimate. In most spam emails, the sender is someone unknown and the email might be in a foreign language - or at least people can usually tell if the email is spam because the wording sounds strange. Social engineered emails were and still are a success. On social networks, people are encouraged to add as many friends as possible and spend as much time as possible on these sites. Spammers, phishers and malware writers also have the same idea. They want to be your friend, exchange messages with you, and most important… they want to earn your trust. This opens the door to any number of malware attacks. Alexandru Catalin Cosoi BitDefender Great article Byron!

Even though the most evident emerging threat right now in social networks is the increasing number of URL shortening services, this appears to be a problem mostly on Twitter due to the 140 character limit on posts. Ths use of shortened URLs on other social networking sites such as Facebook or MySpace hasn’t been adopted by the masses yet.

The most important aspect of social networks is trust. Even though email spam is annoying and can take up a lot of time, people usually have some idea if the email is spam or legitimate. In most spam emails, the sender is someone unknown and the email might be in a foreign language – or at least people can usually tell if the email is spam because the wording sounds strange. Social engineered emails were and still are a success.

On social networks, people are encouraged to add as many friends as possible and spend as much time as possible on these sites. Spammers, phishers and malware writers also have the same idea. They want to be your friend, exchange messages with you, and most important… they want to earn your trust. This opens the door to any number of malware attacks.

Alexandru Catalin Cosoi
BitDefender

]]> By: Andrew Storms http://lastwatchdog.com/waves-twitter-attacks-errode-trustworthiness-tweets/#comment-791 Andrew Storms Mon, 28 Sep 2009 20:44:18 +0000 http://lastwatchdog.com/?p=2974#comment-791 The reality is that people are putting way too much trust in companies like Twitter because the service is new and fun and seemingly harmless. Twitter really has become the perfect Petri dish for all trust-based attacks. Every type of attack based on social relationships has immigrated to Twitter. For example, most people have at least heard about phishing and email attacks. Now these kinds of attacks also come in as Tweets, nothing else has changed. There’s nothing fancy here, just basic attacks that rely on exploitation of trusted relationships and they will keep coming in more sophisticated forms as long as there are people to exploit. The reality is that people are putting way too much trust in companies like Twitter because the service is new and fun and seemingly harmless. Twitter really has become the perfect Petri dish for all trust-based attacks.

Every type of attack based on social relationships has immigrated to Twitter. For example, most people have at least heard about phishing and email attacks. Now these kinds of attacks also come in as Tweets, nothing else has changed. There’s nothing fancy here, just basic attacks that rely on exploitation of trusted relationships and they will keep coming in more sophisticated forms as long as there are people to exploit.

]]> By: Lyle http://lastwatchdog.com/waves-twitter-attacks-errode-trustworthiness-tweets/#comment-790 Lyle Mon, 28 Sep 2009 17:23:26 +0000 http://lastwatchdog.com/?p=2974#comment-790 Thanks for the article Byron. Always good to be aware of the latest tactics being used. The more people that use some caution the better it is for all of us. I run into people all the time who feel they are safe because they use this or that AV program. Thanks for the article Byron. Always good to be aware of the latest tactics being used. The more people that use some caution the better it is for all of us. I run into people all the time who feel they are safe because they use this or that AV program.

]]> By: Dirk Knop http://lastwatchdog.com/waves-twitter-attacks-errode-trustworthiness-tweets/#comment-789 Dirk Knop Mon, 28 Sep 2009 15:06:24 +0000 http://lastwatchdog.com/?p=2974#comment-789 As Twitter and Facebook now seem to complement the well-known email attack vector to convince users to install malware or to phish for login data, some safety measures should be taken by the user. For example, usually the URL shortcut services used by twitter allow for configuring a preview before sending the browser to the actual site that is linked. With that real link it might be possible to detect a fraudulent URL. Also, never type in your password into alien sites - when you come from Twitter, why should you need to login again? Such behaviour should raise suspicion. Dirk Knop Technical Editor Avira GmbH As Twitter and Facebook now seem to complement the well-known email attack vector to convince users to install malware or to phish for login data, some safety measures should be taken by the user. For example, usually the URL shortcut services used by twitter allow for configuring a preview before sending the browser to the actual site that is linked. With that real link it might be possible to detect a fraudulent URL. Also, never type in your password into alien sites – when you come from Twitter, why should you need to login again? Such behaviour should raise suspicion.

Dirk Knop
Technical Editor
Avira GmbH

]]> By: Chester Wisniewski - Sophos http://lastwatchdog.com/waves-twitter-attacks-errode-trustworthiness-tweets/#comment-788 Chester Wisniewski - Sophos Sun, 27 Sep 2009 20:19:50 +0000 http://lastwatchdog.com/?p=2974#comment-788 Great Article Byron, Thought I would add some practical advice for users to help avoid being gamed by these social media hucksters: 1. Only provide your Twitter credentials to services using OAuth to obtain your ID. OAuth ensures your password is only sent to Twitter and still allows the service to perform the duties you assign it. 2. Don't blindly click shortened URLs. 2a. Tinyurl.com offers the ability to get a preview using only Cookies in your browser at http://tinyurl.com/preview.php. 2b. Bit.ly offers a Firefox plugin to preview URLS as well at http://bit.ly/bitlyFirefox 2c. Clicking http://ow.ly links can be dangerous as there does not appear to be a way to know where it is taking you... Beware Chester Wisniewski Sophos Inc. @chetwisniewski on Twitter Great Article Byron,

Thought I would add some practical advice for users to help avoid being gamed by these social media hucksters:

1. Only provide your Twitter credentials to services using OAuth to obtain your ID. OAuth ensures your password is only sent to Twitter and still allows the service to perform the duties you assign it.

2. Don’t blindly click shortened URLs.
2a. Tinyurl.com offers the ability to get a preview using only Cookies in your browser at http://tinyurl.com/preview.php.
2b. Bit.ly offers a Firefox plugin to preview URLS as well at http://bit.ly/bitlyFirefox
2c. Clicking http://ow.ly links can be dangerous as there does not appear to be a way to know where it is taking you… Beware

Chester Wisniewski
Sophos Inc.
@chetwisniewski on Twitter

]]>