Twitter API ripe for abuse by web worms
A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks.
The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it's much easier to misuse the Twitter API as a "weak link" to send worms squirming through Twitter.
Raff, well-known for his research work on browser and Web application vulnerabilities, points out that a single vulnerability on any of the third-party services (Twitpic, etc.) that use the API can trigger the next Twitter worm.
URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31458