About the same time, The Washington Post reported that Twitter had fixed an SMS spoofing vulnerability identified by James that was nearly identical to one reported to the company by another security researcher back in April 2007.
In January, 33 Twitter accounts associated with celebrities were hacked.
That same month, Twitter said it was conducting a full security review of all access points to Twitter. To date, it has not provided an update on its findings.
In July, security researcher Aviv Raff said that Twitter suffered from a vulnerability that allowed an attacker to force victims to join his or her Twitter follow list automatically.
Twitter's surging popularity only increases its attractiveness as a target for cybercrime. And the service's basic design amplifies the problem. "The structure that Twitter uses makes it the perfect architecture for spreading something virally," said Wastl. As with social networks, the feeling that one is among friends on Twitter may lead to insufficient caution.
According to James, Twitter encourages unsafe security practices, like the use of URL redirection and presenting links in a way that promotes trust that may not be deserved.
"It breeds bad human behavior to serious security problems," said James.