I am rather miffed with Twitter for this breach in security. It’s such an old and well-known method of attack that it is beyond forgiveness that it wasn’t stopped at the source.
I was going through my latest ‘followers’ and this popped up :
I assume it was in one of the Britney type I blocked but what disturbs me is that a) it ever got through and b) it’s flagged at a known attack
If one got through you can be very sure that hundreds or probably thousands more bot accounts are similarly affected.
If you want an in-depth look at this form of attack watch with 40 minute video : DefCon 15 – T312 – The Executable image Exploit
You can read of the older GDI hack on this Cisco page : Microsoft GDI+ GIF Image Parsing Memory Corruption Vulnerability
There are other similar exploits and hacks. Scary eh. What’s irritating the heck out of me is Twitter let this through!