Archive | 2014

tinfoleak – Get Detailed Info About Any Twitter User

Find your website's Achilles' Heel


tinfoleak is basically an OSINT tool for Twitter, there’s not a lot of stuff like this around – the only one that comes to mind in fact is creepy – Geolocation Information Aggregator.

tinfoleak is a simple Python script that allow to obtain:

  • basic information about a Twitter user (name, picture, location, followers, etc.)
  • devices and operating systems used by the Twitter user
  • applications and social networks used by the Twitter user
  • place and geolocation coordinates to generate a tracking map of locations visited
  • show user tweets in Google Earth!
  • download all pics from a Twitter user
  • hashtags used by the Twitter user and when are used (date and time)
  • user mentions by the the Twitter user and when are occurred (date and time)
  • topics used by the Twitter user

tinfoleak

You can filter all the information by:

  • start date / time
  • end date / time
  • keywords

You can download tinfoleak here:

tinfoleak-1.2.tar.gz

Or you can read more here.


Posted in: Hacking Tools, Privacy

Tags: , , , , , , ,

Posted in: Hacking Tools, Privacy | Add a Comment
Recent in Hacking Tools:
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework
- DET – Data Exfiltration Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,991,674 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,475,564 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 686,818 views

Get protected with Sucuri


Twitter Vulnerability Allows Deletion Of Payment Details

Find your website's Achilles' Heel


Twitter has been in the news a lot lately, firstly about their patent filing regarding the pro-active scanning on the web for malware and then the bug bounty going live – which is related to this story.

This is a pretty neat Twitter vulnerability that was discovered by someone taking part in the Twitter bug bounty program that we wrote about earlier this month.

Twitter Vulnerability

It’s not a massively dangerous vulnerability, in terms of the average Twitter user – but it could have been very disruptive to Twitter itself if undiscovered as a malicious user could have removed payment details from any account it could find the username/account ID for.

A researcher has uncovered a vulnerability on one of Twitter’s subdomains that could have been exploited to delete all the payment cards used by customers to pay for advertisements.

Companies and individuals that want to run ad campaigns on Twitter’s platform are required to add a payment card to their account. Egyptian security researcher Ahmed Aboul-Ela discovered multiple Insecure Direct Object Reference flaws that could have been leveraged by an attacker to delete the cards associated with Twitter Ads.

Aboul-Ela identified the first vulnerability after analyzing the POST request sent to the server when the “Delete this card” button is clicked. The request contained the parameters “account,” the ID of the Twitter account, and ” id,” a 6-digit number associated with the customer’s credit card. By changing the value of these parameters to one of a different account he owns, the researcher managed to delete the card.

While this method required the attacker to know the targeted user’s Twitter account ID, the second vulnerability found by the Egyptian expert is far easier to exploit.


It would be fairly trivial to write a brute force script to delete all cards from all accounts and effectively halt all Twitter advertising campaigns, which would save a lot of people money, and cost Twitter a lot of money.

But the vulnerability was disclosed responsibly and fixed two days after it being divulged to Twitter, the researcher received $2,800 for this vulnerability, which is a fairly respectable amount.

If users add invalid credit cards to their Twitter Ads accounts, they’re presented with two options: try to add the card again, or dismiss it. Dismissing a card is the same as deleting it, and the researcher soon realized that he could perform this action on valid cards already added to accounts. After analyzing the POST request, Aboul-Ela found that unlike the previous attack method, this one only required the attacker to know the 6-digit ID associated with the card.

“Imagine a blackhat hacker that could write a simple Python code and use a simple for loop on 6 numbers he could delete all credit cards from all Twitter accounts which will result in halting all the Twitter ads campaigns and incur big financial loss for Twitter,” the researcher explained in a blog post.

Aboul-Ela said Twitter addressed the vulnerabilities within two days after being notified. The company rewarded him with a $2,800 bounty.

Twitter has been running a bug bounty program on the HackerOne platform for the past three months, but at the beginning of September, the company decided to start handing out monetary rewards for researchers who contribute to making the service more secure. The minimum reward is $140, but a maximum limit has not been set. The bounty paid by Twitter to Aboul-Ela is the largest so far.

It’s good to see some interesting stuff coming out of the Twitter bug bounty program and I hope to see more, especially things like this which are pretty clever edge case scenarios that developers really wouldn’t think of addressing.

More companies should be running more effective bug bountry programs and securing them against potentially devastating attacks like this.

Source: Security Week


Posted in: Exploits/Vulnerabilities, Web Hacking

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- PunkSPIDER – A Web Vulnerability Search Engine
- Dropbox Hacked – 68 Million User Accounts Compromised
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,812 views
- AJAX: Is your application secure enough? - 120,264 views
- eEye Launches 0-Day Exploit Tracker - 85,737 views

Get protected with Sucuri


StegExpose – Steganalysis Tool For Detecting Steganography In Images

Your website & network are Hackable


StegExpose is a steganalysis tool specialized in detecting steganography in lossless images such as PNG and BMP (LSB – least significant bit type). It has a command line interface and is designed to analyse images in bulk while providing reporting capabilities and customization which is comprehensible for non forensic experts.

Steganography is the art or practice of concealing a message, image, or file within another message, image, or file. The word steganography combines the Ancient Greek words steganos, meaning “covered, concealed, or protected”, and graphein meaning “writing”.

StegExpose rating algorithm is derived from an intelligent and thoroughly tested combination of pre-existing pixel based staganalysis methods including:

  • Sample Pairs by Dumitrescu (2003)
  • RS Analysis by Fridrich (2001)
  • Chi Square Attack by Westfeld (2000)
  • Primary Sets by Dumitrescu (2002)

In addition to detecting the presence of steganography, StegExpose also features the quantitative steganalysis (determining the length of the hidden message).

Detecting Steganography In Images

Usage

[directory] – directory containing images to be diagnosed

[speed]Optional. Can be set to ‘default’ or ‘fast’ (set to ‘default if left blank). default mode will try and run all detectors whereas fast mode will skip the expensive detectors in case cheap detectors are able to determine if a file is clean.

[threshold]Optional. The default value here is 0.2 (for both speed modes) and determines the the level at which files are considered to be hiding data or not. A floating point value between 0 and 1 can be used here to update the threshold. If keeping false positives at bay is of priority, set the threshold slightly higher ~0.25. If reducing false negatives is more important, set the threshold slightly lower ~0.15

[csv file]Optional. Name of the csv (comma separated value) file that is to be generated. that If left blank, the program will simply output to the console.

Performance

The accuracy and speed of StegExpose has been tested on an image pool of 15,200 lossless images, where 5,200 of them were stego images (images with hidden data) created with the tools OpenStego, OpenPuff, SilentEye and LSB-Steganography. Embedding rates range from 2.5% to 25.3% with an average of 13.8% (secret data / cover image).

You can download StegExpose here:

master.zip

Or read more here.


Posted in: Countermeasures, Cryptography

Tags: , , , , , , , ,

Posted in: Countermeasures, Cryptography | Add a Comment
Recent in Countermeasures:
- Bearded – Security Automation Platform
- An Introduction To Web Application Security Systems
- OpenIOC – Sharing Threat Intelligence

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,264 views
- Password Hasher Firefox Extension - 117,881 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,751 views

Get protected with Sucuri


Recent in Password Cracking:
- IGHASHGPU – GPU Based Hash Cracking – SHA1, MD5 & MD4
- SamParser – Parse SAM Registry Hives With Python
- RWMC – Retrieve Windows Credentials With PowerShell

Related Posts:

Most Read in Password Cracking:
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,475,564 views
- Password Cracking Wordlists and Tools for Brute Forcing - 589,903 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 436,456 views

Get protected with Sucuri


Lynis v1.6.0 Released For Download – Linux Security Auditing Tool

Find your website's Achilles' Heel


Lynis is an open source linux security auditing tool. The primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

It’s a great tool for auditing *nix based systems and hardening them based on the recommendations, it works well on a variety of systems including Linux, AIX, FreeBSD, OpenBSD, Mac OS X & Solaris.

Lynis - Linux Security Auditing Tool

We’ve written about this tool a few times, when it first came out in 2008 – Lynis – Security & System Auditing Tool for UNIX/Linux and again in 2009 – Lynis 1.2.6 Released – UNIX System & Security Auditing Tool.

How it works

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determine possible configuration flaws. Lynis goes further and does also test individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.

Typical use cases for Lynis:

  • Security auditing
  • Vulnerability scanning
  • System hardening

Why open source?

Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.

You can download Lynis v1.6.0 here:

lynis-1.6.0.tar.gz

Or read more here.


Posted in: Linux Hacking, Security Software

Tags: , , , , , , , ,

Posted in: Linux Hacking, Security Software | Add a Comment
Recent in Linux Hacking:
- wildpwn – UNIX Wildcard Attack Tool
- Cyborg Hawk Linux – Penetration Testing Linux Distro
- The Linux glibc Exploit – What You Need To Know

Related Posts:

Most Read in Linux Hacking:
- Kon-Boot – Reset Windows & Linux Passwords - 140,572 views
- Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking - 126,875 views
- BackTrack v2.0 – Hackers LiveCD Finally Released - 101,350 views

Get protected with Sucuri


Twitter Bug Bounty Official – Started Paying For Bugs

Your website & network are Hackable


So the Twitter bug bounty program is now official, they are actually paying – and not a bad amount too. A minimum of $140 for a confirmed bug with no defined maximum.

This includes the Twitter website itself and any sub-domain (mobile, ads, apps etc), and the official mobile apps for iOS and Android. It’s somewhat strange it doesn’t mention Windows Phone as well, but I’d assume that’s included as it’s also an official app.

Twitter Bug Bounty

You can see the official tweet on the matter here:

Set up through the security response and bug bounty platform HackerOne, the program offers a minimum of $140 per threat. The maximum reward amount has not been defined.

The company is currently asking bug hunters to submit reports about bugs on its Twitter.com domain and subdomains (ads.twitter.com, apps.twitter.com, tweetdeck.twitter.com, and mobile.twitter.com) and its iOS and Android apps.

“Any design or implementation issue that is reproducible and substantially affects the security of Twitter users is likely to be in scope for the program,” the company pointed out. “Common examples include: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Remote Code Execution (RCE), unauthorized access to protected tweets, unauthorized access to DMs, and so on.”


It includes all kinds of vulnerabilities, including those which some other companies brush off as “non-serious” like CSRF and XSS especially. Just don’t bother if you’re from Cuba, Sudan, North Korea, Iran or Syria because you won’t get paid.

They specifically list:

  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Remote Code Execution (RCE)
  • Unauthorized Access to Protected Tweets
  • Unauthorized Access to DMs

Reports about bugs on other Twitter properties or applications are welcome, but will not be eligible for a monetary reward – bug hunters will have to be content with a mention on the Twitter’s Hall of Fame, which is already populated with the names of 44 hackers.

In fact, Twitter’s bug reporting program on HackerOne has been up for three months now, but the company has only now announced that it will start paying out bounties.

So far, 46 of the reported bugs have been closed by the company’s security team, but reports received prior to September 3, 2014, are not eligible for monetary rewards.

“Maintaining top-notch security online is a community effort, and we’re lucky to have a vibrant group of independent security researchers who volunteer their time to help us spot potential issues,” the company noted, adding that the bug bounty program was started to “recognize their efforts and the important role they play in keeping Twitter safe for everyone.”

Things that do not quality (are outside the scope of the program) are issues such as:

  • Issues related to software or protocols not under Twitter control
  • Reports from automated tools or scans
  • Reports of spam (see here for more info)
  • Vulnerabilities affecting users of outdated browsers or platforms
  • Social engineering of Twitter staff or contractors
  • Any physical attempts against Twitter property or data centers

The full details of the program can be found here: https://hackerone.com/twitter

It’s good to see more companies that are supporting responsible disclosure and putting their money where their mouths are. And honestly, the amount of money they have to pay out to make their platform and users more secure is minuscule compared to their over-bloated valuations.

Source: Help Net Security


Posted in: Exploits/Vulnerabilities, Web Hacking

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment
Recent in Exploits/Vulnerabilities:
- PunkSPIDER – A Web Vulnerability Search Engine
- Dropbox Hacked – 68 Million User Accounts Compromised
- PowerOPS – PowerShell Runspace Portable Post Exploitation Tool

Related Posts:

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 235,812 views
- AJAX: Is your application secure enough? - 120,264 views
- eEye Launches 0-Day Exploit Tracker - 85,737 views

Get protected with Sucuri


BurpSentintel – Vulnerability Scanning Plugin For Burp Proxy

Your website & network are Hackable


BurpSentintel is a plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications.

Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborous task. It’s purpose is not to automatically scan for vulnerabilities (even if it can do it in certain cases), as there are better tools out there to do that (BURP scanner for example). So it’s the only tool which sits in between manual hacking with BURP repeater, and automated scanning with BURP scanner.

BurpSentintel - Vulnerability Scanning Plugin For Burp Proxy

To use it, just send a suspicious HTTP request from BURP proxy to Sentinel. Then the user is able to select certain attack patterns for selected parameters (say, XSS attacks for parameter “id”). Sentinel will issue several requests, with the attack patterns inserted. It will also help find suspicious behaviour and pattern in the accompaining HTTP responses (for example, identify decoded HTML magic chars).

Features

  • AutomatedDetection Automated XSS/SQL Detection
  • AttackLists Self-Defined Attack Lists
  • Sessions Session Definition
  • Categorizer Categorizer
  • Reporter Generate Report
  • FirefoxAddon Firefox Addon

You can download BurpSentinel here:

BurpPlugin-full.jar

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool
- BBQSQL – Blind SQL Injection Framework
- DET – Data Exfiltration Toolkit

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,991,674 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,475,564 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 686,818 views

Get protected with Sucuri


Massive Celeb Leak Brings iCloud Security Into Question

Find your website's Achilles' Heel


So this leak has caused quite a furore, normally I don’t pay attention to this stuff – but hey it’s JLaw and it’s a LOT of celebs at the same time – which indicates some kind of underlying problem. The massive list of over 100 celebs was posted originally on 4chan (of course) by an anonymous user who seems to have collected/bought the pictures using Bitcoin.

Celebrity Nudes on 4Chan

Some fingers are being pointed at iCloud and the security of it, as many of these pictures have been deleted and have been somehow rescued from the cloud. Some of the users are claiming they use Android though, but they might have synced the pictures to their Macbook and that was uploaded to iCloud.

Naked photos of celebrities including Jennifer Lawrence, Kate Upton and Ariana Grande have been published online by an anonymous hacker who reportedly obtained the explicit pics from the victims’ Apple iCloud accounts.

Nude photos of 17 celebrities have been published online. The anonymous hacker posting on grime-‘n-gore board 4chan claimed to possess naked pics of more than 100 celebrities in total.

Lawrence’s publicist Bryna Rifkin confirmed the validity of the photos and condemned their publication.

“This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,” Rifkin told Buzzfeed.

However a separate set of images included in the hacked celeb haul purporting to show singer Victoria Justice in various states of undress were called out as fake.

Justice published a photograph where her face was clearly taken from an earlier photo and plastered on the body of a naked woman.

Other photos appeared legitimate but were not yet confirmed by those affected.


There’s not a lot of details right now, but there is a whole lot of speculation about what’s going on (Google Drive, Dropbox, iCloud and more). This is why if you use an iPhone you should know what Photo Stream is (and how to disable it), or Dropbox Camera Upload, or Google Photo Sync.

I’m guessing there’s more to come as only a few of the pictures have been released so far. I’m not sure if Apple are even going to bother saying anything, as well even when there’s a fairly security flaw they tend to just keep quiet. iCloud security issue? Who cares man.

The identity of the unscrupulous hacker including any alias appeared to be unknown. They posted the images to the 4chan ‘/b/’ image board from where it was quickly circulated on social media sites including Reddit.

The assailant seems likely to face a well-resourced investigation by US authorities, who take a dim view of this sort of thing.

In June, Romanian hacker Marcel Lazar Lehel, a.k.a. Guccifer, was sentenced and faced seven years jail with three years served for hacking email accounts of former US President George Bush along with other US officials, celebrities and UK pollies.

And in 2011 Florida man Christopher Chaney was arrested after he hacked the email accounts of Scarlett Johansson and some 49 other celebrities and was sentenced to 10 years’ gaol.

The hacking serves as a timely reminder to ensure important passwords were not reused across websites or services and were not based on single words or common phrases.

There was an interesting proof of concept of an AppleID bruteforcing tool here – ibrute – which is fixed now, but it could have been used to pop these accounts. It authenticated against the Find My iPhone API which had no bruteforce protection implemented.

There’s even an entire subreddit about the leak here, which has been labelled ‘The Fappening’ – http://www.reddit.com/r/thefappening

Let’s see what more info (if any) comes out after this.

Source: The Register


Posted in: Apple, Privacy

Tags: , , , , , , , , , , , , ,

Posted in: Apple, Privacy | Add a Comment
Recent in Apple:
- Apple Will Not Patch Windows QuickTime Vulnerabilities
- FBI Backed Off Apple In iPhone Cracking Case
- Mac OS X Ransomware KeRanger Is Linux Encoder Trojan

Related Posts:

Most Read in Apple:
- KisMAC – Free WiFi Stumbler/Scanner for Mac OS X - 83,064 views
- Apple Struggling With Security & Malware - 24,143 views
- Java Based Cross Platform Malware Trojan (Mac/Linux/Windows) - 15,993 views

Get protected with Sucuri


IronWASP – Open Source Web Security Testing Platform

Find your website's Achilles' Heel


IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.

IronWASP - Open Source Web Security Testing Platform

Features

  • It’s Free and Open source
  • GUI based and very easy to use, no security expertise required
  • Powerful and effective scanning engine
  • Supports recording Login sequence
  • Reporting in both HTML and RTF formats – Click here to view the sample report
  • Checks for over 25 different kinds of well known web vulnerabilities
  • False Positives detection support
  • False Negatives detection suppport
  • Industry leading built-in scripting engine that supports Python and Ruby
  • Extensibile via plug-ins or modules in Python, Ruby, C# or VB.NET

Bundled Modules

  • WiHawk – WiFi Router Vulnerability Scanner
  • XmlChor – Automatic XPATH Injection Exploitation Tool
  • IronSAP – SAP Security Scanner
  • SSL Security Checker – Scanner to discover vulnerabilities in SSL installations
  • OWASP Skanda – Automatic SSRF Exploitation Tool
  • CSRF PoC Generator – Tool for automatically generating exploits for CSRF vulnerabilities
  • HAWAS – Tool for automatically detecting and decoding encoded strings and hashes in websites

Plugins

IronWASP has a plugin system that supports Python and Ruby. The version of Python and Ruby used in IronWASP is IronPython and IronRuby which is syntactically similar to CPython and CRuby. However some of the standard libraries might not be available, instead plugin authors can make use of the powerful IronWASP API.

You can download IronWASP here:

ironwasp.zip

Or read more here.


Posted in: Security Software, Web Hacking

Tags: , , , , , , ,

Posted in: Security Software, Web Hacking | Add a Comment
Recent in Security Software:
- Bearded – Security Automation Platform
- An Introduction To Web Application Security Systems
- OpenIOC – Sharing Threat Intelligence

Related Posts:

Most Read in Security Software:
- Top 15 Security/Hacking Tools & Utilities - 1,991,674 views
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,171,833 views
- Password Hasher Firefox Extension - 117,881 views

Get protected with Sucuri


Twitter Patents Technique To Detect Mobile Malware

Find your website's Achilles' Heel


So it was discovered that Twitter has been granted a patent which covers detection of mobile malware on websites to protect its user base. The patent was filed back in 2012, but well – as we know these things take time.

The method is something like the technology Google uses in Chrome to warn you if a webpage is malicious and it prompts you not to visit.

Twitter Patent to Detect Mobile Malware

It utilises multiple signals to detect mobile malware and protect the user from being infected (by calculating the probably of the page being malicious).

Twitter has been granted a patent for detecting malware on mobile sites, according to a filing made public this month.

According to the patent, filed back in 2012, Twitter could protect users from malware by crawling websites with “an emulated mobile device to cause behaviors to occur which may be malicious.” After Twitter’s bot visits a given mobile site, the “behaviors … are stored [and] classified as hard or soft signals.”

From there, Twitter’s patent describes a method for assessing the “probability of the webpage being malicious,” after which it is “classified as malicious or non-malicious.” Finally, Twitter describes how visitors of the site, the site’s developer, and the “distributor of the webpage” (perhaps the user who tweeted the link) will be alerted if the site has been classified as malware.


It seems like social networks, search engines etc want to take more responsibility for protecting their users (like the malware warnings on search results within Google and the Chrome warning splash page.

They think it adds value to their networks, which it does in a way – and of course it makes the user experience more positive, which is always a benefit. And this is definitely a more pro-active response than just acting on user reports and spam flags.

Most interestingly, the patent mirrors a similar system already implemented by Google on Google.com and within Chrome. Google alerts users with a warning splash page [below] which attempts to block users from accessing the site.

Twitter’s interest in preventing the spread of malware highlights new responsibilities for the social network as it continues to grow. Implementing such a system does not directly affect Twitter in the way the company’s anti-spam efforts have. Instead, this initiative to crawl the mobile web for malware would be a preventative effort to keep Twitter’s name clean.

In VentureBeat’s own tests, Twitter did not flag any sites known by Google for distributing malware on iOS or desktop, suggesting that the tech behind the patent is not publicly in use. Reached for comment, Twitter offered a boilerplate response.

It seems the technology is not yet actually in use on the Twitter platform, as you can still spread malware laden URLs without warning.

Perhaps the technology is still in staging/testing phase – or perhaps they are starting to realise how long it takes to spider the web for malware. A very long time.

It’ll be interesting to see if they start using it soon.

Source: VentureBeat


Posted in: Countermeasures, Malware

Tags: , , , , , ,

Posted in: Countermeasures, Malware | Add a Comment
Recent in Countermeasures:
- Bearded – Security Automation Platform
- An Introduction To Web Application Security Systems
- OpenIOC – Sharing Threat Intelligence

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,264 views
- Password Hasher Firefox Extension - 117,881 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,751 views

Get protected with Sucuri