Security researcher Aviv Raff is launching a Month of Twitter Bugs in July to call attention to security issues affecting the microblogging service. As part of the initiative, Raff says he will publish a new third-party Twitter service vulnerability every day.A security researcher has painted a bull's eye on Twitter starting July 1 in
the "Month
of Twitter Bugs."
The project is a spin on the "Month of Browser Bugs" initiative
launched in July 2006. Three years later, Israeli security researcher Aviv
Raffwho also participated in the 2006 efforthas said he will dedicate the
month of July to calling attention to an issue involving the Twitter API
he blogged about in May.
"Each day I will publish a new vulnerability in a third-party Twitter
service on the twitpwn.com Website," Raff wrote on his blog June 15. "As
those vulnerabilities can be exploited to create a Twitter worm, I'm going to
give the third-party service provider and Twitter at least 24 hours' heads-up
before I publish the vulnerability."
Officials at Twitter did not respond to a request for comment before
publication. But the microblogging service has increasingly become attractive
to attackers. On May 30, Twitter
was hit with a scareware scam designed to trick users into paying for fake
anti-virus software, marking the first time attackers had launched that type of
attack on the service. In April, a Twitter
administrative account was hacked, allowing the hacker to post screenshots
of account details for several celebrities.
In May, Raff
created a proof-of-concept exploit for a vulnerability in the Website Twitpic.com, which uses the Twitter API. The
idea, he wrote in a blog post at the time, was to show how the Twitter API
could be abused to launch other attacks.
"Even though I have enough vulnerabilities for
this month, you are more than [welcome] to send me (via e-mail or Twitter) vulnerabilities
you find in third-party Twitter services," he wrote in today's post.