A month of Twitter bug revelations means more security for micro-bloggers

Opinion by draywood

Tomorrow (Friday 31st July) sees the end of a month of exposing ‘Twitter Bugs’ by ‘security researcher’ (the words of Geek.com) Aviv Raff. Now I have to admit that I have not been following his exposé closely on the twitpwn.com website; however, it is very admirable that Raff has followed his own task so closely.

On his blog, he declared July 2009 to be the "Month of Twitter Bugs" in order to raise awareness of the Twitter API issue that he claimed was a weak link that could allow the creation of Twitter worms, such as the Mikeyy worm earlier this year.

The aim, he said, was to enable Twitter and other Web2.0 API providers to ‘work closely with their API consumers to develop more secure products.’

For those who have not been keeping up to date, each day Raff was publishing a new vulnerability in a third-party Twitter service on the twitpwn.com website.

Raff said: "As those vulnerabilities can be exploited to create a Twitter worm, I'm going to give the third party service provider and Twitter at least 24 hours heads-up before I publish the vulnerability.

"Even though I have enough vulnerabilities for this month, you are more than welcomed to send me (via email or twitter) vulnerabilities you find in 3rd party Twitter services. I will do my best to publish all submitted vulnerabilities. I will, of course, credit the submitter."

The format of his daily updates runs to anything from six to eight points, notably: what the application is, how it affects Twitter, the popularity rate, what the vulnerability is, the patching status, details and proof of concept, and a response from the vendor.

Scrolling through Raff's various updates shows many attempts at reporting the bugs, with a small percentage of vendors responding to his reports and actually fixing the vulnerabilities.

What should be welcomed about this venture is not the highlighting of such vulnerabilities or even the effort to highlight bugs within such a popular tool, but the determination and persistence of Raff, which really have to be applauded. Quite what Biz Stone et al make of this is uncertain, but the safer social networking becomes, the better it is for all of us.
