A security researcher has painted a bull’s eye on Twitter starting July 1 in the “Month of Twitter Bugs.”
The project is a spin on the “Month of Browser Bugs” initiative launched in July 2006. Three years later, Israeli security researcher Aviv Raff, who also participated in the 2006 effort, has said he will dedicate the month of July to calling attention to an issue involving the Twitter API he blogged about in May.
“Each day I will publish a new vulnerability in a third-party Twitter service on the twitpwn.com Website,” Raff wrote on his blog June 15. “As those vulnerabilities can be exploited to create a Twitter worm, I’m going to give the third-party service provider and Twitter at least 24 hours’ heads-up before I publish the vulnerability.”
Officials at Twitter did not respond to a request for comment before publication. But the microblogging service has increasingly become attractive to attackers. On May 30, Twitter was hit with a scareware scam designed to trick users into paying for fake anti-virus software, marking the first time attackers had launched that type of attack on the service. In April, a Twitter administrative account was hacked, allowing the hacker to post screenshots of account details for several celebrities.
In May, Raff created a proof-of-concept exploit for a vulnerability in the Website Twitpic.com, which uses the Twitter API. The idea, he wrote in a blog post at the time, was to show how the Twitter API could be abused to launch other attacks.
“Even though I have enough vulnerabilities for this month, you are more than [welcome] to send me (via e-mail or Twitter) vulnerabilities you find in third-party Twitter services,” he wrote in today’s post.