{"id":997,"date":"2008-09-11T05:39:37","date_gmt":"2008-09-11T05:39:37","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=997"},"modified":"2015-09-09T19:39:17","modified_gmt":"2015-09-09T11:39:17","slug":"csrf-vulnerability-in-twitter-allows-forced-following","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2008\/09\/csrf-vulnerability-in-twitter-allows-forced-following\/","title":{"rendered":"CSRF Vulnerability in Twitter Allows Forced Following"},"content":{"rendered":"
I did mention this earlier in the week when I was talking about Twitter being used as a malware distribution platform; there also seems to be an auto-follow vulnerability that spammers would love.<\/p>\n Do you remember MySpace and samy with 900,000 friends? Now we have johng77536 on Twitter!<\/p>\n Last week, TechCrunch\u2019s Jason Kincaid wrote about an obvious Twitter vulnerability that allowed a user called \u201cjohng77536\u201d to game the popular micro-blogging service to add thousands of followers (subscribers) in a short period of time.<\/p>\n The \u201cjohng77536\u201d account has since been disabled but a security researcher tracking Twitter security flaws and weaknesses has discovered a new vulnerability that lets users easily game the \u201cfollow\u201d system.<\/p><\/blockquote>\n Whoever used this account was pretty stupid though, hooking 7000 followers in a day; that raised some alarms for sure and now the account has been deleted.<\/p>\n I would guess, however, that hundreds of other spammers are using the same technique in a much slower fashion to avoid detection. So if you use Twitter, watch out that you aren\u2019t following some odd accounts that you didn\u2019t manually subscribe to.<\/p>\n