I am rather miffed with Twitter for this breach in security. It’s such an old and well-known method of attack that it is beyond forgiveness that it wasn’t stopped at the source.
I was going through my latest ‘followers’ and this popped up :
I assume it was in one of the Britney type I blocked but what disturbs me is that:
a) it ever got through Twitter’s laughable defences before my firewall had to stop it, and
b) it’s flagged at a known attack.
If one got through you can be very sure that hundreds or probably thousands more bot accounts are similarly affected.
If you want an in-depth look at this form of attack watch with 40 minute video : DefCon 15 – T312 – The Executable image Exploit
You can read of the older GDI hack on this Cisco security page (since deleted) : [ Microsoft GDI+ GIF Image Parsing Memory Corruption Vulnerability ]
There are other similar exploits and hacks. Scary eh. What’s irritating the heck out of me is Twitter let this through!