Twitter Security in Spotlight with Month of Twitter Bugs

Security researcher Aviv Raff is launching a Month of Twitter Bugs in July to call attention to security issues affecting the microblogging service. As part of the initiative, Raff says he will publish a new third-party Twitter service vulnerability every day.

A security researcher has painted a bull's eye on Twitter starting July 1 in the "Month of Twitter Bugs."

The project is a spin on the "Month of Browser Bugs" initiative launched in July 2006. Three years later, Israeli security researcher Aviv Raff, who also participated in the 2006 effort, has said he will dedicate the month of July to calling attention to an issue involving the Twitter API he blogged about in May.

"Each day I will publish a new vulnerability in a third-party Twitter service on the Website," Raff wrote on his blog June 15. "As those vulnerabilities can be exploited to create a Twitter worm, I'm going to give the third-party service provider and Twitter at least 24 hours' heads-up before I publish the vulnerability."

Officials at Twitter did not respond to a request for comment before publication. But the microblogging service has increasingly become attractive to attackers. On May 30, Twitter was hit with a scareware scam designed to trick users into paying for fake anti-virus software, marking the first time attackers had launched that type of attack on the service. In April, a Twitter administrative account was hacked, allowing the hacker to post screenshots of account details for several celebrities.

In May, Raff created a proof-of-concept exploit for a vulnerability in the Website, which uses the Twitter API. The idea, he wrote in a blog post at the time, was to show how the Twitter API could be abused to launch other attacks.

"Even though I have enough vulnerabilities for this month, you are more than [welcome] to send me (via e-mail or Twitter) vulnerabilities you find in third-party Twitter services," he wrote in today's post.