In association with heise online

16 June 2009, 14:33

July to be the "Month of Twitter Bugs"


Security specialist Aviv Raff has nominated this July as the "Month of Twitter Bugs" (MoTB), during which he plans to publish details of one Twitter API-related vulnerability per day. The API allows users to configure, manage and query the status of their own account using HTTP requests. Raff has already reported that it's possible to exploit the API query to the Twitter image service to spread worms. Strictly speaking, these are not vulnerabilities in the Twitter API, but rather careless or error-strewn implementations of API queries by third parties.

Raff claims to have already found enough security problems in third-party services that make use of the Twitter API to fill the month. He is, nonetheless, more than happy to receive information on any other problems. Raff hopes his campaign will increase awareness of potential problems when using the Twitter API in particular and Web 2.0 APIs in general.

Because all of the vulnerabilities he has identified can be used to spread a Twitter worm, he intends to give each of the affected suppliers and Twitter operators 24 hours' notice prior to releasing his report. It should be interesting to see whether all the parties involved are able to fix the vulnerabilities in their implementations within the time frame.

The "Month of Twitter Bugs" follows on from the monthly bug series "Month of Browser Bugs", "Month of Apple Bugs", "Month of PHP Bugs" and "Month of Kernel Bugs". Sadly, the "Month of Java Bugs" only turned out to be an April Fool's joke – for now at any rate.
