A coder has developed a hijacking tool to compromise Twitter accounts and then post a warning to the victim.
The tool, named "Idiocy," searches for users insecurely visiting Twitter over public Wi-Fi networks and then hijacks their session to post a tweet informing them they are vulnerable to attack.
A link has also been included in the tweet directing users to a website explaining what has happened once a user has been exploited.
Jonty Wareing, a London-based software developer, has been credited as the tool's creator and he made the exploit code available on GitHub.
He claimed to have been inspired by the creation of the Firesheep tool a Firefox browser extension, which was designed to exploit weak transaction security on social network applications, such as Facebook and iGoogle.
Firesheep allows the hacker to scan for vulnerable active social networking sessions and gives the user a simple-to-use interface to launch attacks.
"A large amount of the communication between individuals today is through social networking sites, where rapid growth is first priority and security is an after thought, but most don't implement any sort of encryption at all," said Daniel Peck, research scientist at Barracuda Networks.
"The only way to make these attacks go away for good is for application level encryption (such as SSL) to be ubiquitous. While it is certainly more common than just a few years ago, most sites are either still missing the feature or they are implementing it incorrectly."
While the majority of login pages are protected by SSL, often the secure connection is subsequently abandoned by the site, he explained.
"The user is dropped back to an insecure connection that exposes the cookie or session ID that uniquely identifies the user allowing tools like Firesheep to impersonate the account," Peck added.
Social networks have increasingly become the target of cyber criminals; this week a Mac version of the dangerous Koobface trojan was discovered.
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
