Before Twitter Patch, Private Messages May Have Been Vulnerable

If you’re a Twitter user, you should know that the company recently announced that it had addressed a serious security flaw that could have allowed attackers to read the Direct Messages (private messages) users sent via Twitter.

If you seldom use that feature, then the impact to you would have been minimal in any case. If it’s something you use on a regular basis, then breathe a sigh of relief.

The company had this to say about the issue:

“We recently discovered and fixed a vulnerability in Twitter for Android related to an underlying Android OS security issue affecting OS versions 8 and 9. Our understanding is 96 percent of people using Twitter for Android already have an Android security patch installed that protects them from this vulnerability.

For the other 4 percent, this vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this.”

The company stressed that there’s no evidence this security flaw was ever exploited in the wild, and again, there’s nothing for you, as a Twitter user, to do. The company has already handled it.

The discovery of the flaw, though, comes on the heels of another recent, dramatic Twitter hack. In that hack, dozens of user accounts belonging to high-profile individuals were commandeered and used to bilk unsuspecting users out of more than $120,000 worth of Bitcoin.

If history is a good guide, and it usually is, this won’t be the last major security flaw the company finds and addresses in what remains of the year. Nonetheless, kudos to Twitter for finding the flaw and acting quickly to correct it before it could be exploited. Here’s hoping they can continue to find and correct them before the hackers can take advantage.

Some High-Profile Twitter Accounts Were Recently Hacked

An as-yet unidentified hacker pulled off quite a heist on Twitter recently. He (or she) gained access to a Twitter admin account and used that access to rapidly take control of a number of high-profile Twitter accounts.

Once the hackers gained control of these accounts, they began using them to lure unsuspecting victims into sending them small amounts of bitcoin and other cryptocurrencies.

This was done with the promise of doubling their investment in a very short time. The scam was successful, and the unknown hacker collected more than $100,000 in cryptocurrency.

The accounts hacked included:

  • @Apple
  • @Bitcoin
  • @BarackObama
  • @JeffBezos
  • @JoeBiden
  • @elon_musk
  • @BillGates
  • @WarrenBuffet
  • @uber
  • @kanyewest
  • @wizkhalifa
  • @coinbase
  • @Ripple
  • @Gemini
  • @binance
  • @justinsuntron
  • @Tronfoundation
  • @SatoshiLite
  • And more

For Twitter’s part, they detected the unusual account activity quickly and shut it down, locking the impacted accounts and resetting their passwords. Some three hours after the attack began, Twitter reported that functionality had been fully restored to all impacted accounts.

The official announcement from Twitter reads in part as follows:

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

“We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”

There is some speculation that the attack may have been an inside job, but Twitter has so far neither confirmed nor denied that. There is at least some cause for concern here. Current and former Twitter employees have, in the past, been charged with using Twitter’s internal systems to illegally collect information on users, including email addresses, IP addresses and dates of birth.

Time will tell. In the meantime, don’t be taken in by similar-sounding scams asking for small bitcoin or other cryptocurrency “investments” with the promise of spectacular, near-instant returns.

Tweets Can No Longer Be Sent From SMS To Twitter

If you use Twitter on a regular basis, then you probably saw the official tweet from the company. Effective immediately, they’ve shut down the functionality that allowed users to tweet via SMS, something that has been a part of the platform since its earliest days.

For the time being, the company is keeping SMS-based two-factor authentication for account holders, but that may change.

Currently, it’s too soon to say with any degree of confidence. The recent action was taken in response to serious security flaws with tweeting via SMS that made user accounts vulnerable.

This is not the first time the company has suspended use of the feature. The first time they did it though, the suspension lasted just two days. It happened September 4th and 5th of 2019 after CEO Jack Dorsey’s Twitter account was hacked. This time, there’s no end in sight.

Users who rely on SMS-based tweeting are urged to make the transition to the social network’s Twitter mobile app, which serves as a viable alternative.

It should also be noted that while SMS-based tweeting has been suspended for most of the world, there are a few remote areas where it’s the only option available, and in those places, the capability to send a tweet via SMS remains intact.

The Twitter support team’s message about the change was short and to the point, reading simply:

“We want to continue to help keep your account safe. We’ve seen vulnerabilities with SMS, so we’ve turned off our Twitter via SMS service, except for a few countries. If you were using Twitter via SMS, you can log in at twitter.com or download our mobile app to enjoy the full Twitter experience.”

At this time, there is no word on whether the service will be restored. If it’s something you’ve been in the habit of relying on in the past, be aware that you’ll have to make a few changes to your routine.

Private Twitter Files May Have Been Cached In Firefox

Are you a regular Twitter user? More specifically, are you a regular Twitter user who also prefers the Firefox web browser? If so, be advised that Twitter recently disclosed a new bug with potentially dire implications for you.

Apparently, a flaw in the design of the platform itself caused it to store private files inside Firefox’s browser cache.

The cache is a folder normally reserved for temporary storage of website files. Unfortunately, even after a user logged off of Twitter’s service, the files would remain in the browser cache, often for as long as a week. This enabled anyone with access to that machine to view them.

The files stored in this manner include files received via Direct Messages (DMs) and any downloaded files.

There are two potential points of concern here. First is the fact that if you make regular use of a shared machine and access Twitter from it, then whoever you are sharing the machine with would have easy access to files you assumed to be private.

Second, if malware were to infect the machine you access Twitter from, then the malware may wind up scraping that data and sending it to its controllers’ command and control server. That gives them a copy of information you assumed was private.
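The following is an added example (not Twitter’s or Mozilla’s code) showing why a response with no explicit cache policy can linger in a browser cache for about a week, and the header set a server should attach to private downloads. It assumes, since the page does not name the root cause, that the files were served without a Cache-Control directive, so the browser fell back to RFC 7234 heuristic freshness.

```python
# Added example, not Twitter's or Mozilla's code. Assumption (the page does
# not state the root cause): the DM attachment was served with no Cache-Control
# header, so the browser guessed a lifetime from Last-Modified (RFC 7234 4.2.2).
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_cache_control(value):
    """Parse 'no-store, max-age=60' into {'no-store': None, 'max-age': '60'}."""
    directives = {}
    for part in value.split(","):
        part = part.strip().lower()
        if part:
            name, _, arg = part.partition("=")
            directives[name] = arg.strip().strip('"') or None
    return directives


def cache_lifetime_seconds(headers, now):
    """Seconds a browser may keep the response; 0 means it must not be stored."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return 0
    if cc.get("max-age") is not None:
        return int(cc["max-age"])
    if "last-modified" in h:
        # No explicit lifetime: the common heuristic is 10% of the time
        # elapsed since Last-Modified, which is how "a week" comes about.
        age = now - parsedate_to_datetime(h["last-modified"])
        return int(age.total_seconds() * 0.10)
    return 0  # nothing to validate against, so no basis to keep it


def private_file_headers(content_type):
    """Headers for a DM attachment: never written to a cache, never shared."""
    return {"Content-Type": content_type,
            "Cache-Control": "no-store, private",
            "Pragma": "no-cache"}


# Constructed sample: a DM image last modified 70 days before the request,
# sent with no Cache-Control header at all.
NOW = datetime(2020, 4, 1, tzinfo=timezone.utc)
LEAKY_RESPONSE = {"Content-Type": "image/png",
                  "Last-Modified": "Wed, 22 Jan 2020 00:00:00 GMT"}

if __name__ == "__main__":
    days = cache_lifetime_seconds(LEAKY_RESPONSE, NOW) / 86400
    print(f"no Cache-Control: cacheable for {days:.0f} days")  # 7 days
    print("no-store:", cache_lifetime_seconds(private_file_headers("image/png"), NOW))  # 0
```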

A spokesman for Twitter summarized as follows:

“If you use, or have used, a public or shared computer to access Twitter, we encourage you to clear the browser cache before logging out, and to be cautious about the personal information you download on a computer that other people use.”

From inside Firefox, follow these steps to clear your browser cache:

Go to “Tools,” then “Options.” From there, select “Privacy & Security” and then “Cookie and Site Data.”

Once there, you’ll see an option labeled “Clear Data.” Click that, give the machine a minute, and you’re all set.

Twitter reports that it has now fixed the bug and reiterated that it was not an issue for people who used Chrome or Safari.

Twitter Making Changes To Their Political Ad Rules

Social media has been at the center of several high-profile political dramas of late. The major platforms came under fire for not doing enough to monitor political ads and other content. The major players on the social media landscape are all responding in different ways to the backlash. Recently, Twitter announced some new policies that will likely be in place by the time you read these words.

Beginning on November 22nd, the company’s new political content and cause-based advertising policies will forbid the paid promotion of certain content on Twitter. This includes any content that references government officials, ballot measures, referendums, regulations, legislation, candidates, or political parties. This change essentially renders it pointless for candidates for political office, or for the PACs and Super PACs that may be supporting them, to purchase Twitter ads.

As details about the company’s new policies came to light, even supporters of the idea were quick to criticize. They pointed out that issue-based advertisers would also be punished by the changes. Twitter’s CEO Jack Dorsey clarified that issue-based advertisers will be restricted, rather than banned outright. He also said that going forward, they will be unable to target users based on demographic factors like race, age, or specific location, although general location (state and province level) would still be allowed.

This is a decent compromise position that doesn’t leave issue-based advertisers thrilled. However, it is broadly seen as a step in the right direction. One thing the new policy change doesn’t address, though, is the matter of disinformation on the platform, which tends to spread like wildfire.

All in all, the changes are generally positive, but they should be seen as a first step only. Social media has unfortunately become a cesspool of misinformation, and no one seems to have any good ideas on how to go about changing that.