Web Hosting Security


A New Threat Makes its Way through Twitter
By: wubayou



    On Monday, security firm Sophos used a post on its Naked Security blog to describe a new instance where Twitter has once again become the avenue of choice for scammers. Using compromised accounts, scammers have been transmitting phony promises in an attempt to get users to visit questionable sites that have malicious intentions.

    “I made $888 today check out how I made it,” is an example of the phony messages that have been making their rounds on Twitter.  The messages use such outrageous claims to entice users to click the links that follow them.  If a user clicks on the link, they will be led to a site that supposedly helps teenagers and single mothers earn thousands of dollars on a daily basis.  The users will then be coaxed into signing up for the service, which will actually subtract from their bottom line, rather than add to it.  Sophos noted that the promises have been sent both as tweets and as direct messages.  The monetary amounts listed in the messages tend to fluctuate as well.  By using compromised accounts, the scammers make the promises seem more trustworthy to followers.

    As explained by Barracuda Networks during the RSA security conference earlier this year, Twitter is an appealing target to scammers for multiple reasons.  First, its design as a social network makes it ideal for spreading scams at an exponential rate.  Second, Twitter’s rapid growth in popularity has extended its presence all over the web.  Third, it offers functionality as a search engine.

    While Twitter undoubtedly offers a solid platform for quick and concise communication amongst its legitimate users, the number of malicious accounts within the social network is quite high.  Barracuda conducted research on the scamming phenomenon and found that only 43 percent of all Twitter users were legitimate.  The other 57 percent were labeled as questionable.  The company also showed how such malicious accounts can gain the trust of followers, as one that directed users to shareware containing malware and Trojans had 445 followers.

    Twitter has made efforts to combat the growth of malicious accounts and messages.  Last year, it implemented a filtering service to counter things such as phishing attacks that attempt to steal login credentials.  The company also increased security through the use of its t.co URL shortening service.  To keep yourself protected on Twitter, Sophos recommends that you avoid clicking on any suspicious links, scan your computer for malware on a regular basis, and reset your password if your account becomes compromised.

    For more on this topic, visit http://news.cnet.com/8301-13506_3-20086316-17/security-firm-warns-of-new-twitter-threat/?tag=mncol;txt  

    Facebook Introduces New Bug Bounty Program

    Facebook recently ramped up its efforts to improve security, as the omnipresent social network announced a new bug bounty program that will give researchers monetary rewards for properly reporting any security holes found in the site.

    In the past, Facebook rewarded researchers’ efforts in finding bugs by giving them positive publicity on the site’s Whitehat page.  Some researchers received Facebook freebies, while the most fortunate ended up working for the company.  Alex Rice, product security lead with the social network, said, “Some of our best engineers have come to work here after pointing out security bugs on our site.”  Besides Ryan McGeehan, manager of Facebook’s security response team, the company has also hired George Hotz, who’s known for his expertise in jailbreaking the iPhone and hacking Sony’s PlayStation 3.

    By upping the stakes with the promise of financial rewards, Facebook hopes that researchers will have even more incentive to identify and report security bugs.  The new reward system is also Facebook’s way of expressing its appreciation towards the community of researchers who have aimed to improve the site’s security in the past.  The minimum compensation has been set at $500.  No maximum amount has been set at this time.

    Researchers must abide by Facebook’s Responsible Disclosure Policy in order to receive any compensation for their efforts.  The policy is posted on Facebook’s Whitehat page: "If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."  Facebook’s Chief Security Officer Joe Sullivan noted that bugs normally take no longer than a day to fix.  To keep researchers from negatively affecting other users or violating terms of use, Facebook is giving them a method to create accounts for testing purposes.

    Facebook’s move towards monetary compensation is nothing new to the web industry.  Mozilla’s bug bounty program has been in place since 2004. Google, meanwhile, has a bounty program for its Chrome browser and also offers compensation between $500 and $3,000 to those who report web security holes.

    For more on this topic, visit http://news.cnet.com/8301-27080_3-20085163-245/facebook-launches-bug-bounty-program/?tag=mncol;title


    © 2003-2019 by Developer Shed. All rights reserved.