Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Filtered by: Twitter

Twitter Adopt 2FA; Here Is What You Can Do

Posted: 23 May 2013 09:01 AM | Drendell_


In the wake of recent account compromises, including that of the Associated Press and the rampant breaches orchestrated by the "Syrian Electronic Army", Twitter has recently released 2FA (two-factor authentication), which is a most welcome addition to bolster users' security. It is not, however, the be-all and end-all: users are still responsible for choosing strong, hard-to-guess passwords. If your password is compromised, control of your account may be lost to malicious actors.

While it's true that, given enough time and resources, all passwords are crackable regardless of their complexity – a pass-string of 200 random characters is ultimately just as vulnerable to brute forcing as a password containing just one character – the aim of a complex pass-string is to make an attack infeasible within any useful timeframe. Let’s first take a look at the total number of possible combinations for a given base of elements:

...


Battered Twitter, Phish but no Chips! [Updated]

Posted: 05 Feb 2013 04:47 PM | Carl Leonard


Hot on the heels of Friday’s announcement by Twitter that they ‘detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data’ and subsequent confirmation that ‘attackers may have had access to limited user information’ for ‘approximately 250,000 users’, Websense® Security Labs™ are tracking a phishing campaign propagated via Twitter’s direct message functionality.

...


London Olympics Search Results Lead to Objectionable Sites

Posted: 10 Aug 2012 05:58 PM | Elisabeth Olsen


We’ve previously blogged about Olympic ticket scams, phishing, malware designed to propagate through social networking, and other Olympic security concerns. We also know that hackers take advantage of people searching for breaking news and trending topics about the Olympics through various SEO poisoning techniques. When Georgian luger Nodar Kumaritashvili died in a tragic training accident just before the Vancouver Olympics in 2010, multiple malware pages quickly appeared in the top search results. Clicking these links led to pages that included pop-up warnings telling the user to click a button to view a video or to clean up computer problems. Of course, clicking led to malware attacks.

SEO poisoning remains a problem, but Google seems to have a better handle on it where searches related to the London Olympics are concerned, at least in English. When we started using Russian search terms, however, things deteriorated quickly. Using the Russian translation for "watch 2012 Olympics online", we did a Google search and clicked on the second item. While the domain itself is correctly categorized as sports, it's clear some objectionable content is popping up in the ads. In addition, clicking on the page redirects to various questionable places, including information on how to control men.

In another investigation, Websense® researchers analyzed Twitter traffic based on popular Olympics-related terms, events, and athletes, starting two days before the Opening Ceremony and running through August 8th. Not surprisingly, traffic peaked on the day the Games opened, and again three days later when Olympians Tom Daley, Michael Phelps, Ruta Meilutyte, and Maria Sharapova topped the Google trends.

Looking more closely at the data, we found that a handful of Twitter feeds from certain athletes and teams were posting shortened URLs which redirected to Objectionable or Security categories, including Malicious Web Sites and Malicious Embedded Link. We took a sample set of 3,600 of these, unshortened them, and analyzed the category breakdown. Websense customers are protected from these threats by our Advanced Classification Engine™ (ACE).


My email address was shared on Twitter, but who cares?

Posted: 19 Jan 2012 02:11 AM | Elad Sharf


Websense Security Labs™ has found that thousands of businesses and consumers are putting themselves at risk each day by publicly revealing their email addresses on Twitter. We conducted research on how data that might be considered private is exposed via Twitter. The research focused on shared data, in particular email addresses, that can potentially be used against the person (or the organization) that shared it. During the research we monitored Twitter over a 24-hour period and found that users were publicly sharing email addresses connected with their inboxes, social media identities, and bank accounts. This leaves them open to advanced ‘social spear phishing’ attacks and spam campaigns. In social spear phishing, criminals attack harvested email addresses using information gleaned from monitoring users’ Twitter conversations. It's recommended that businesses update all acceptable use policies to warn employees of this risk.

Our research found that thousands of email addresses are publicly shared daily via Twitter:

• More than 11,000 email addresses were shared worldwide [research data was collected over a 24-hour period in January 2012]

Gmail, Hotmail and many other free web-based email services are particularly under threat, as cyber criminals can harvest social information on individuals via Twitter to break into these accounts. We realise that sometimes you need to share your email address. Here are some security tips on how to best avoid your shared data potentially being used against you:

• Use direct messages (DMs) for sending email addresses to contacts on Twitter
• Treat emails from friends linking you to other sites with caution
• Never use passwords that can be inferred from publicly accessible information
• Since email is an often-used route into a company for cybercriminals, ensure your email security has superior malware protection against modern threats


Typosquatting social web gains top Alexa ranking

Posted: 11 Jan 2012 01:00 AM | uwang


Websense® ThreatSeeker® Network has detected fraudulent Web sites that have made it into the global top 250 of the Alexa ranking list. These are remarkable results for fraudulent Web sites, as some of them rank even better than genuine big-name portals. In this campaign, the fraudulent sites pretend to be from YouTube, and they try to lure you in by saying you have been selected to complete a survey for a chance to win a gift such as an iPhone 4S. Survey scams were very common in the past year, and were usually spread within social networks like Facebook or Twitter. They often used hot topics to lure visitors. We have already blogged about these incidents, and customers are encouraged to educate themselves about these attacks so they do not fall for this kind of technique. Here is a snapshot of the current campaign.

An interesting thing we found is that survey campaigns that spread in social networks are usually localized by area or language. This means that traffic to spam sites used in such campaigns is limited to related countries or regions. However, video rewards survey campaigns can spread globally, as they have a high Alexa rank in almost every country and no language barrier. Additionally, the spam site server checks the IP addresses of visitors and shows the location information on the page to appear more authentic.

One of the spam sites used in this campaign is video-rewardz.com, which, at its peak, reached Alexa’s top 250 list. The spam site has had a high Alexa rank since Dec 19th 2011. The spam site is still available now and has a lot of traffic. How is it possible for spam sites to have so much traffic? After conducting some research, we found that the major source is mistyping of the twitter.com Web site address. This type of attack is called typosquatting, and it is not new. We have blogged about this in the past; yet this campaign is popular because attackers get good results from it.

The attacker needs to register several typosquatting sites for Twitter and redirect each typosquat site to another site such as video-rewardz.com. This explains why it is a global spam campaign, and why it can generate so much traffic. Twitter is a very popular site and it’s easy for people to mistype this URL. To prevent such attacks, some big names like Google or Facebook have registered names that can easily be mistyped for their portal. However, Twitter has not done this, which makes them susceptible to such attacks and lets the resulting spam sites reach an extremely high Alexa rank. Listed below are typosquatting sites registered by attackers:

ttwitter.com
twwitter.com
twiitter.com
twittter.com
twitterr.com
twutter.com
twiter.com

Additionally, we also found other spam sites related to this campaign. Some of them have already been used in the campaign and have a high Alexa rank, whilst others may potentially be used in future.

videorewardcentral.com
videorewardsonline.com
socialupdatepanel.com
videorewardstoday.com
...


Lady Gaga's Twitter account tweeting links to survey scam

Posted: 19 Dec 2011 06:40 PM | Anonymous


The Twitter account of famous singer Lady Gaga has apparently been hacked. It's being used by attackers to lure her more than 17 million followers to click on a link. After a number of redirects, the link ultimately leads to a survey scam that is designed to harvest personal information.

The first link uses the URL shortener bit.ly, which has suspended the link as "being potentially problematic." Although this should keep most users away from the scam for now, the attackers are likely to post new tweets that include phishing or malicious URLs as long as they have control of the account. The Twitter community has responded by sharing the fact that Lady Gaga's account shouldn't be trusted. This led to #stophackinggaga becoming a trending Twitter topic at the time this post was written.

As always, be careful of links you click on Twitter, even when they appear to come from trusted accounts. Customers who are using Websense security products are protected from this spam campaign through our ACE technology and TRITON™ solutions.


Twitter OnMouseOver Flaw In The Wild

Posted: 21 Sep 2010 02:28 PM | Carl Leonard


As of this morning we have been monitoring a flaw on twitter.com that delivers pop-ups to Twitter users when they move their mouse cursor over a specially crafted tweet. There is also the potential to deliver status updates when mousing over a tweet and to alter the display of the Twitter status on users' profile pages. The affected tweets contain JavaScript that runs on the OnMouseOver event (this event enables the code specified in the tweet to run without requiring the user to click). This morning we saw proofs of concept of the Twitter command being posted by Twitter users, and then began to see end users tweeting the code virally. There is the potential for malware authors to spread malicious tweets using the flaw to direct users to other Web sites.

As of writing, hundreds of new tweets per second are being published on twitter.com using the OnMouseOver flaw. Twitter users whose accounts have been affected by the flaw include journalists and high-profile celebrities. Examples of compromised accounts:

Our advice is to use an alternative to the twitter.com Web site if you need to update your Twitter status.

UPDATE: As of 3pm UK time, Twitter Safety is reporting that the XSS flaw is no longer exploitable.


Twitter Spam: Is It Just Me Or…

Posted: 25 Sep 2009 06:26 PM | Defensio, the blog


Is it just me, or has spam on Twitter been growing exponentially recently? I've always been getting the occasional good-looking-not-very-dressed new follower notification by email, but recently I've been receiving @ messages like this:

What is your experience with this? What kind of spam are you seeing on Twitter? Is there anything Defensio could do to make your life better on Twitter?
