Mercury was used to make hats years ago. Of course, mercury is a heavy metal, and exposure to it can cause major psychological, neurological, and other problems. This is why hat makers were often called “The Mad Hatter”: the materials they used would literally drive them mad. The way Twitter has built its application and service used (metaphorically speaking) a whole lot of mercury. They must have been crazy to build it the way they did, allowing no limit to the number of security exploits that can be run.
The issue is this: they didn’t think through the security when initially developing the service (which is common for new services, especially when they didn’t have any idea how popular the service might become). Then, on top of that (due to popularity), other 3rd party apps, sites, and organizations are layering their services on top of Twitter. So Twitter has difficulty making any large-scale changes without breaking things for a lot of its users. Then, when making a rash move toward enhanced security using Open Source such as OAuth, they find it susceptible to certain types of attacks and have to abandon it. As a result, many, many different types of exploits are being run from a myriad of vantage points. Hackers are exploiting 3rd party apps that link to Twitter. Hackers are exploiting the way Twitter validates users and mobile phones to spoof messages. Hackers are compromising celebrity and popular accounts to send false messages. Cross-Site Scripting and other more “traditional” hacking methods are being used to exploit the service, and so on.
This reminds me of the late 90’s and earlier this decade when hackers would compromise websites. Once they had compromised a site, they would change the homepage to a political message, hate message, or maybe just a picture of themselves, and let you know just how stupid you are and how easily they can disrupt your life. You don’t see those things any more, although website compromise has never been more prevalent. The change is that hackers learned they could make money. If they have that level of access to a website, there is a lot they can do. As time goes on, these attacks on Twitter will begin to be more serious. This has somewhat already started. One of the most popular things a hacker can or will do after compromising an account is to post a message with a link. The message is designed to grab readers’ attention and then give them a link where they can learn more information. These links often go to malicious software sites where the user’s computer or laptop can be completely compromised with a Trojan horse or other malware. This can give access and control to hackers, essentially giving them more rights, privileges, and access to your system than you have. Yes, they can remotely control the system, capture anything you type or look at, turn on your video camera and microphone, or anything else they want to do. Honestly, I think we are only at the beginning of problems with Twitter. They need to do a ground-up rebuild of their entire security infrastructure. Of course, the problem is that this would cause major disruption in the service, which they do not want, and probably won’t do. Hence, if you use Twitter, plan to be hacked.