Hackers embed attacks in Twitter profile images

I am rather miffed with Twitter for this breach in security. It’s such an old and well-known method of attack that it is beyond forgiveness that it wasn’t stopped at the source.

I was going through my latest ‘followers’ and this popped up :

Hackers embed attacks in Twitter profile images

I assume it was in one of the Britney type I blocked but what disturbs me is that a) it ever got through and b) it’s flagged at a known attack

If one got through you can be very sure that hundreds or probably thousands more bot accounts are similarly affected.

If you want an in-depth look at this form of attack watch with 40 minute video : DefCon 15 – T312 – The Executable image Exploit

You can read of the older GDI hack on this Cisco page : Microsoft GDI+ GIF Image Parsing Memory Corruption Vulnerability

There are other similar exploits and hacks. Scary eh. What’s irritating the heck out of me is Twitter let this through!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.