Twitter Security in Spotlight with Month of Twitter Bugs

A security researcher has painted a bull's eye on Twitter starting July 1 in the "Month of Twitter Bugs."

The project is a spin on the "Month of Browser Bugs" initiative launched in July 2006. Three years later, Israeli security researcher Aviv Raff—who also participated in the 2006 effort—has said he will dedicate the month of July to calling attention to an issue involving the Twitter API he blogged about in May. 

"Each day I will publish a new vulnerability in a third-party Twitter service on the twitpwn.com Website," Raff wrote on his blog June 15. "As those vulnerabilities can be exploited to create a Twitter worm, I'm going to give the third-party service provider and Twitter at least 24 hours' heads-up before I publish the vulnerability."

Officials at Twitter did not respond to a request for comment before publication. But the microblogging service has increasingly become attractive to attackers. On May 30, Twitter was hit with a scareware scam designed to trick users into paying for fake anti-virus software, marking the first time attackers had launched that type of attack on the service. In April, a Twitter administrative account was hacked, allowing the hacker to post screenshots of account details for several celebrities. 

In May, Raff created a proof-of-concept exploit for a vulnerability in the Website Twitpic.com, which uses the Twitter API. The idea, he wrote in a blog post at the time, was to show how the Twitter API could be abused to launch other attacks. 

"Even though I have enough vulnerabilities for this month, you are more than [welcome] to send me (via e-mail or Twitter) vulnerabilities you find in third-party Twitter services," he wrote in today's post.