Security researcher Aviv Raff is launching a Month of Twitter Bugs in July to call attention to security issues affecting the microblogging service. As part of the initiative, Raff says he will publish a new third-party Twitter service vulnerability every day.
A security researcher has painted a bull's eye on Twitter starting July 1 in
of Twitter Bugs."
The project is a spin on the "Month of Browser Bugs" initiative
launched in July 2006. Three years later, Israeli security researcher Aviv
Raff-who also participated in the 2006 effort-has said he will dedicate the
month of July to calling attention to an issue involving the Twitter API
he blogged about in May.
"Each day I will publish a new vulnerability in a third-party Twitter
service on the twitpwn.com Website," Raff wrote on his blog June 15. "As
those vulnerabilities can be exploited to create a Twitter worm, I'm going to
give the third-party service provider and Twitter at least 24 hours' heads-up
before I publish the vulnerability."
Officials at Twitter did not respond to a request for comment before
publication. But the microblogging service has increasingly become attractive
to attackers. On May 30, Twitter
was hit with a scareware scam
designed to trick users into paying for fake
anti-virus software, marking the first time attackers had launched that type of
attack on the service. In April, a Twitter
was hacked, allowing the hacker to post screenshots
of account details for several celebrities.
In May, Raff
created a proof-of-concept exploit
for a vulnerability in the Website Twitpic.com,
which uses the Twitter API. The
idea, he wrote in a blog post at the time, was to show how the Twitter API
could be abused to launch other attacks.
"Even though I have enough vulnerabilities for
this month, you are more than [welcome] to send me (via e-mail or Twitter) vulnerabilities
you find in third-party Twitter services," he wrote in today's post.