Twitter security moves may not be enough

11 Aug 2009

In the fallout of the denial of service attacks that brought social networking service Twitter to its knees, a warning has gone out that new security measures may not be enough.

It turned out that the attack was aimed at a professor from the Republic of Georgia who went by the user name Cyxymu and who hosted conversations on his LiveJournal account for refugees.

The attack brought the service down for several hours throughout Thursday and Friday.

The Twitter attack also affected access to Facebook and targeted YouTube, all places where Cyxymu had accounts.

Twitter security moves may not be enough

In recent days Twitter quietly begun checking URLs entered into user messages. But Californian security firm Finjan has warned that the new level of security might leave room for improvement on several fronts.

“Twitter encourages the use of shortened URLs, which could be a problem if, as some reports indicate, the Twitter URL check would only work on full-length web addresses,” said Yuval Ben-Itzhak, Finjan’s chief technology officer.

“Furthermore, the Twitter URL-check utilizes databases that need constant updates. This leaves a window-of-opportunity for cybercriminals to infect Twitter users’ PCs,” added Finjan’s CTO. “During the time elapsing between database updates, no adequate protection will be provided.”

Ben-Itzhak went on to say that Finjan applauds Twitter’s ongoing effort to keep its users safe, and suggests boosting the overall security of Twitter with the use of real-time content inspection technologies.

Finjan offers its free SecureTweets browser add-on for Internet Explorer and Firefox. It provides users with look-ahead alerts on the safety of URLs as well as shortened URLs showing on Twitter and other Web 2.0 websites.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years