Twitter API ripe for abuse by web worms

A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks.

The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it¡¦s much easier to misuse the Twitter API as a ¡§weak link¡¨ to send worms squirming through Twitter.

Raff, well-known for his research work on browser and Web application vulnerabilities, points out that a single vulnerability on any of the third-party services (Twitpic, etc.) that use the API can trigger the next Twitter worm.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31458