Sign up to our newsletter
As reported at http://www.eweek.com/c/a/Security/Twitter-XSS-Vulnerability-Still-Wide-Open-Developer-Says-433005/, a researcher has found a cross site scripting vulnerability that affects Twitter. The researcher claims that by exploiting this he could gain access to the Twitter accounts of anyone who views his specially crafted tweets.
The explanation of the problem is a bit techie, but there is a very key point in the article. One of the best protections against this and potentially many other attacks is to not follow people you do not know or trust. This means that you must understand that just because a person wants to follow you it doesn’t mean you should follow them. It might be good to look through the list of people you are following and make sure you really trust everyone on the list.
In some ways social networking can be like being at a club. You can meet all kinds of people you didn’t know. You can strike up a conversation with a person you never met before. The big difference is that at a club there are lots of people around. When you are on a social networking site you are effectively alone and the person you are talking to has nobody else to worry about seeing what they are doing. It really is a lot more like being in a dark alley than being in a popular night spot.
With all social networking sites, be selective about what information you share, who you allow on your network, and what links you follow. Always remember that a friend’s account can be hacked and in that case, even though the message actually comes from the friend’s account, it might not be your friend sending it. Look for context. This means that if you get a message that is out of character, use another means of contact to make sure your friend really is the one sending the message.
Director of Technical Education
Author ESET Research, ESET