Michael R. Farnum

Hitting the Security Nerve

Twits and disclosure

. What's this?

TAGS:spam, Twitter, vulnerability
IT TOPICS:Internet, Security

Are you a Twit?

So are we!

There have been announcements recently from Aviv Raff of some CSRF (cross site request forgery) and XSS (cross site scripting) vulnerabilities in Twitter that can cause the Twits out there some spam headaches. I am a Twit myself, so this bugs me quite a bit. But seriously, if I am going to use this kind of service, then I have to expect this kind of problem. This is another Web 2.0, 3.0, whatever.0 sites that have attracted a huge following. What is important is how fast the staff gets a fix up and going.

What is also important is how disclosure of the flaws are handled, both by the researcher that found the flaw and by Twitter. With all of the recent disclosure debate lately surrounding the DNS flaw, this kind of thing really needs to be discussed.

Take for instance the announcement of the latest flaw in Twitter. The announcement says:

Twitter security team was notified on 31-July-2008.

Technical details will be added as soon as this vulnerability is fixed.

This is the right way to handle the issue. Let Twitter know, let them fix it, and THEN publish the details (note: this is how Dan Kaminsky handled the issue as well). Don't publish the details before the problem has been fixed . I know Twitter is not as important as DNS is to the Internet (though some might argue that - twit addicts), but the point is the same.

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

Twitter spam test: we caught some spammers!

A Twitter spam test, not an Apple iPhone 4 post ... #FF @richi

Spam, the tasty Tweet; or, how not to make friends

Dumb hacker tweets FourSquare location while hacking Ashton Kutcher

Today's Top Stories

Essential browser tools for Web developers

Hands on: The new iPad

Microsoft cuts the prices of some Office 365 plans

Google works to overhaul its search

Mozilla will start Firefox silent updates in June

Preston Gralla: Big backlash is building against Windows 8. Will Microsoft listen?

Hot Posts

Facebook Camera for iPhone: 5 reactions

Posted by IT Blogwatch |

Sony reneges on an Ice Cream Sandwich promise

Posted by JR Raphael |

Apple iPhone 5 -- fresh reports claim 4-inch display

Posted by Jonny Evans |

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Internet White Papers

Riverbed Stingray Traffic Manager VA Performance on vSphere 4: Cloud infrastructure platforms like VMware vSphere 4.0 can significantly benefit from load balancers that connect users to the most suitable datacenter. This white...
What to Look For in Solutions For Mobile Device Management: Managing an increasingly mobile workforce has become one of the most challenging - and important - responsibilities for IT departments. This paper examines...
Best Practices to Architect Applications in the IBM Cloud: It's clear that cloud environments are a great way to deliver software-but what are the best ways to use it really well? Read...

Internet Webcasts

Analytics Without Limits: The Latest on Oracle Exalytics In-Memory Machine and Oracle Business Intelligence: Analytics at the Speed of Thought

What if you could run financial and operational planning cycles 10 times faster? Or monitor and adjust...
EMC and VMware Solution Track: The EMC and VMware Solution Track is a single destination for the most up-to-date resources on how EMC can enhance, extend and accelerate...
Lead the Way In the New World of Data: Join us for an expert panel discussion with Microsoft and industry leaders sharing real world solutions and reviewing the latest enterprise roadmap for...

IT Newsletters

Get the latest technology news and analysis on critical issues in the enterprise.

Twits and disclosure

Related Posts

Today's Top Stories

Hot Posts

Michael R. Farnum's Archive

IT Topics