Unemployed IT Worker Of The Month

"A Frenchman who broke into Barack Obama and Britney Spears' Twitter feeds insisted Thursday he is no hacker but a `kind pirate` seeking to expose security weaknesses.

"`I did not act with a destructive aim ... I wanted to warn them, to show up the faults in the system,` said the 23-year-old, who was arrested Tuesday after an operation by French police and FBI agents.

"The curly-haired unemployed computer technician wore a pair of slippers adorned with smiley faces as he sat in his parents' home in central France and told of how he broke into the popular micro-blogging site.

"Francois C., who spoke to AFP on condition that his full surname not be used, is accused of breaking into Twitter and Google accounts, including ones used by US president Obama and pop star Spears..."

Full article at EXPATICA.com...

Hacking Twits For Fun And Profit

"According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars.

"Since 2005, the bad guys have been developing new data-stealing malware that is now a growing problem on the Internet. Some of these programs look for banking passwords, others hunt for on-line gaming credentials. But the fastest-growing data stealers are generic spying programs that try to steal as much information as possible from their victims, said Kaspersky Researcher Dmitry Bestuzhev, speaking at a press event Friday.

"In 2009, Kaspersky identified about 70,000 of these programs -- twice as many as the year before, and close to three times the number of banking password stealing programs.

"They're popular because criminals are starting to realize that they can do better than simply swiping credit card numbers. Bestuzhev has seen Gmail accounts for sale on Russian hacker forums, (asking price 2,500 rubles, or $82) RapidShare accounts going for $5 per month, as well as Skype, instant messaging and Facebook credentials being offered.

"Asking prices can vary greatly, depending on the name of the account and the number of followers, but attackers are looking for an initial, trusted, stepping stone from which to send malicious Twitter messages and, ideally, infect more machines.

"Bestuzhev said that one Twitter account, with just over 320 followers, was offered at $1,000 in an underground hacker forum. The user's name was a simple three letter combination that Bestuzhev thought might make it more valuable to criminals. Compare that to an MSN account, which Bestuzhev has seen priced at €1 ($1.40). `The price for Twitter accounts is really high,` he said."

More at ComputerWorld...

Twit PWNAG3 "Rampant"

"Social networks are rapidly becoming a primary channel to market for malware distributors and other cyber-criminals as the use of popular sites such as Twitter continues to take off, and the communications vehicles subsequently create new opportunities for attackers to hide their threats using features such as so-called link shorteners.

"Attackers have been working to infiltrate and abuse social networks for years, but the issue is becoming truly pervasive nowadays as they shift even more of their efforts away from more traditional electronic messaging systems and distribute a greater share of their nefarious content over so-called Web 2.0 sites, in particular Twitter, according to Symantec security researcher Ben Nahorney.

"The distribution of malware infection links over Twitter has become particularly problematic of late, Nahorney noted in a recent blog post. Since the 140 character limit for posts to made over micro-blogging platform has lead to widespread use of URL-shorteners obscure address details, and even savvy users of Twitter are likely taking bigger risks, the implication appears to be..."

More at eWeek...

Jesus Hates Twits

'Hackers hijacked the Church News Twitter account last weekend and Twitter staffers took down the site early today because the infiltrators had gained total control over the feed.

"Charlie Craine, director of interactive media for the Deseret News, said he realized Sunday night that the Church News account had been compromised.

"`We tried to get it back,` he said, but he soon realized that the hacker had even been able to change the password and lock him out.

"`I don't know how they got the password,` Craine said. `I'm very skeptical (of Twitter) now.` He expressed concern for other Twitter accounts the Deseret News operates."

From Deseret News...

Brit Twit Quits

"A magistrate has resigned from the bench following a complaint about his use of the Twitter network.

"IT consultant Steve Molyneux, from Telford, Shropshire, posted messages on the social networking site about cases at the town's magistrates' court.

"He said everything he reported on Twitter had already been said in open court and he had done nothing illegal.

"Mr Molyneux said he had been making use of the latest technology to bring `transparency` to the judicial system."

From the BBC...

Twits PWN3D

"Micro-blogging site Twitter suffers from a potentially devastating vulnerability that forces logged-in users to post messages of an attacker's choice simply by clicking on a link.

"The XSS, or cross-site scripting, error was discovered by Secure Sciences Corp researchers Lance James and Eric Wastl, who have fashioned [a] link to demonstrate their finding. Clicking on it while logged in to Twitter causes users to immediately broadcast an innocuous message to all of their followers...

"Of course, it would be just as easy to craft links that do considerably more damage. Tweets are limited to just 140 characters, making it almost mandatory to use shortened URLs that obscure their final destination. While it's possible to preview the link before visiting, many Twitter users have grown so accustomed to them they click on them directly."

From The Register...