On Monday, security firm Sophos used a post on its Naked Security blog to describe a new instance where Twitter has once again become the avenue of choice for scammers. Using compromised accounts, scammers have been transmitting phony promises in an attempt to get users to visit questionable sites that have malicious intentions.
“I made $888 today check out how I made it,” is an example of the phony messages that have been making the rounds on Twitter. The messages use such outrageous claims to entice users to click the links that follow them. If a user clicks on the link, they will be led to a site that supposedly helps teenagers and single mothers earn thousands of dollars on a daily basis. The users will then be coaxed into signing up for the service, which will actually subtract from their bottom line, rather than add to it. Sophos noted that the promises have been sent both as tweets and as direct messages. The monetary amounts listed in the messages tend to fluctuate as well. By using compromised accounts, the scammers make the promises seem more trustworthy to followers.
As explained by Barracuda Networks during the RSA security conference earlier this year, Twitter is an appealing target to scammers for multiple reasons. First, its design as a social network makes it ideal for spreading scams at an exponential rate. Second, Twitter’s rapid growth in popularity has extended its presence all over the web. Third, it offers functionality as a search engine.
While Twitter undoubtedly offers a solid platform for quick and concise communication amongst its legitimate users, the number of malicious accounts within the social network is quite high. Barracuda conducted research on the scamming phenomenon and found that only 43 percent of all Twitter users were legitimate. The other 57 percent were labeled as questionable. The company also showed how such malicious accounts can gain the trust of followers, as one that directed users to shareware containing malware and Trojans had 445 followers.
Twitter has made efforts to combat the growth of malicious accounts and messages. Last year, it implemented a filtering service to counter things such as phishing attacks that attempt to steal login credentials. The company also increased security through the use of its t.co URL shortening service. To keep yourself protected on Twitter, Sophos recommends that you avoid clicking on any suspicious links, scan your computer for malware on a regular basis, and reset your password if your account becomes compromised.
For more on this topic, visit http://news.cnet.com/8301-13506_3-20086316-17/security-firm-warns-of-new-twitter-threat/?tag=mncol;txt
Facebook Introduces New Bug Bounty Program
Facebook recently ramped up its efforts to improve security, as the omnipresent social network announced a new bug bounty program that will give researchers monetary rewards for properly reporting any security holes found in the site.
In the past, Facebook rewarded researchers’ efforts in finding bugs by giving them positive publicity on the site’s Whitehat page. Some researchers received Facebook freebies, while the most fortunate ended up working for the company. Alex Rice, product security lead with the social network, said, “Some of our best engineers have come to work here after pointing out security bugs on our site.” Besides Ryan McGeehan, manager of Facebook’s security response team, the company has also hired George Hotz, who’s known for his expertise in jailbreaking the iPhone and hacking Sony’s PlayStation 3.
By upping the stakes with the promise of financial rewards, Facebook hopes that researchers will have even more incentive to identify and report security bugs. The new reward system is also Facebook’s way of expressing its appreciation towards the community of researchers who have aimed to improve the site’s security in the past. The minimum compensation has been set at $500. No maximum amount has been set at this time.
Facebook’s move towards monetary compensation is nothing new to the web industry. Mozilla’s bug bounty program has been in place since 2004. Google, meanwhile, has a bounty program for its Chrome browser and also offers compensation between $500 and $3,000 to those who report web security holes.
For more on this topic, visit http://news.cnet.com/8301-27080_3-20085163-245/facebook-launches-bug-bounty-program/?tag=mncol;title
More By wubayou