Hackers embed attacks in Twitter profile images

Viral images, but not in a good way!

I am rather miffed with Twitter for this breach in security. It’s such an old and well-known method of attack that it is beyond forgiveness that it wasn’t stopped at the source.

I was going through my latest ‘followers’ and this popped up :

hackers-embed-attacks-in-twitter-profile-images

I assume it was in one of the Britney type I blocked but what disturbs me is that:
a) it ever got through Twitter’s laughable defences before my firewall had to stop it, and
b) it’s flagged at a known attack.

If one got through you can be very sure that hundreds or probably thousands more bot accounts are similarly affected.

If you want an in-depth look at this form of attack watch with 40 minute video : DefCon 15 – T312 – The Executable image Exploit

You can read of the older GDI hack on this Cisco security page (since deleted) : [ Microsoft GDI+ GIF Image Parsing Memory Corruption Vulnerability ]

There are other similar exploits and hacks. Scary eh. What’s irritating the heck out of me is Twitter let this through!

Ack

Been playing with computers since the stone age, online since the '80s, and developing websites since the '90s.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: