I am REALLY miffed with Twitter for this breach in security. It’s such an old and well-known method of attack that it’s beyond forgiveness that it wasn’t stopped at the source.
I was going through my latest ‘followers’ and this popped up:
I assume it was in one of the Britney type I blocked, but what disturbs me is that a) it ever got through and b) it’s flagged as a known attack.
If one got through you can be very sure that hundreds or probably thousands more bot accounts are similarly affected.
If you want an in-depth look at this form of attack, watch this 40-minute video: DefCon 15 – T312 – The Executable image Exploit
You can read of the older GDI hack on this Cisco page: Microsoft GDI+ GIF Image Parsing Memory Corruption Vulnerability
There are other similar exploits and hacks. Scary eh. What’s irritating the heck out of me is Twitter let this through!
