The Hacker News — Cyber Security and Hacking News Website: Twitter

Twitter just admitted that the social network accidentally revealed some Android users' protected tweets to the public for more than 4 years — a kind of privacy blunder that you'd typically expect from Facebook . When you sign up for Twitter, all your Tweets are public by default, allowing anyone to view and interact with your Tweets. Fortunately, Twitter also gives you control of your information, allowing you to choose if you want to keep your Tweets protected. Enabling "Protect your Tweets" setting makes your tweets private, and you'll receive a request whenever new people want to follow you, which you can approve or deny. It's just similar to private Facebook updates that limit your information to your friends only. In a post on its Help Center on Thursday, Twitter disclosed a privacy bug dating back to November 3, 2014, potentially caused the Twitter for Android app to disable the "Protect your Tweets" setting for users without their k

Twitter has been hit with a minor data breach incident that the social networking site believes linked to a suspected state-sponsored attack. In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users’ exposed information. The impacted support form in question was used by account holders to contact Twitter about issues with their account. Discovered in mid-November, the support form API bug exposed considerably less personal information, including the country code of users' phone numbers associated with their Twitter account, and "whether or not their account had been locked." So far the company has declined to provide more details about the incident or an estimate for the number of accounts potentially impacted but says it believes that the attack may have ties to state-sponsored actors. "During our

Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers. Most malware relies on communication with their command-and-control server to receive instructions from attackers and perform various tasks on infected computers. Since security tools keep an eye on the network traffic to detect malicious IP addresses, attackers are increasingly using legitimate websites and servers as infrastructure in their attacks to make the malicious software more difficult to detect. In the recently spotted malicious scheme, which according to the researchers is in its early stage, the hackers uses Steganography —a technique of hiding contents within a digital graphic image in such a way that's invisible to an observer—to hid

If your Google Home, Home Mini and/or Google Chromecast streaming stick were not working properly, you are not alone. Google Home, Home Mini, and Chromecast were down globally for many users for several hours, leaving a lot of people with trouble watching TV, controlling smart home gadgets, and listening to music. Yesterday, hundreds of Chromecasts and Home users began complaining about their devices not working properly on both the official "Made by Google" Twitter account and Down Detector. Later, Google confirmed that its Home and Chromecast across the world went down due to an unspecified "issue," and that the company was investigating the issue and working on a solution, but did not provide any kind of explanation about the glitch. The issue appears to be affecting devices that work using Google's Home technology, which is a smart ecosystem that allows users to stream content to devices. "Bug confirmed... We use Chromecast in all our conf

Twitter is urging all of its 330 million users to change their passwords after a software glitch unintentionally exposed its users' passwords by storing them in readable text on its internal computer system. The social media network disclosed the issue in an official blog post and a series of tweets from Twitter Support. According to Twitter CTO Parag Agrawal, Twitter hashes passwords using a popular function known as bcrypt, which replaces an actual password with a random set of numbers and letters and then stored it in its systems. This allows the company to validate users' credentials without revealing their actual passwords, while also masking them in a way that not even Twitter employees can see them. However, a software bug resulted in passwords being written to an internal log before completing the hashing process—meaning that the passwords were left exposed on the company's internal system. Parag said Twitter had found and resolved the problem itsel

Facebook, Instagram, Twitter, VK, Google's Picasa and Youtube were handing over user data access to a Chicago-based Startup — the developer of a social media monitoring tool — which then sold this data to law enforcement agencies for surveillance purposes, the ACLU disclosed Tuesday. Government records obtained by the American Civil Liberties Union (ACLU) revealed that the big technology corporations gave "special access" to Geofeedia. Geofeedia is a controversial social media monitoring tool that pulls social media feeds via APIs and other means of access and then makes it searchable and accessible to its clients, who can search by location or keyword to quickly find recently posted and publicly available contents. The company has marketed its services to 500 law enforcement and public safety agencies as a tool to track racial protests in Ferguson, Missouri, involving the 2014 police shooting death of Mike Brown. With the help of a public records request, the

Guess What? Someone just downloaded Twitter’s Vine complete source code. Vine is a short-form video sharing service where people can share 6-second-long looping video clips. Twitter acquired the service in October 2012. Indian Bug bounty hunter Avinash discovered a loophole in Vine that allowed him to download a Docker image containing complete source code of Vine without any hassle. Launched in June 2014, Docker is a new open-source container technology that makes it possible to get more apps running on the same old servers and also very easy to package and ship programs. Nowadays, companies are adopting Docker at a remarkable rate. However, the Docker images used by the Vine, which was supposed to be private, but actually was available publically online. While searching for the vulnerabilities in Vine, Avinash used Censys.io – an all new Hacker’s Search Engine similar to Shodan – that daily scans the whole Internet for all the vulnerable devices. Using Censys, Avina

Whistleblower Edward Snowden just joined Twitter, and his first tweet seems to be directed at the US National Security Agency (NSA) . Yes, the world's most popular whistleblower and data privacy advocate has finally joined Twitter just two hours ago, and his first tweet came, “ Can you hear me now? ” Snowden has gained more than 260,000 followers in just less than two hours, but he is currently following only one account: @NSAGov , the official Twitter account for the National Security Agency. Twitter has verified Snowden's Twitter account ( @Snowden ), and his Twitter bio provides a short summary of his prolonged situation. Snowden's Twitter bio reads, "I used to work for the government. Now I work for the public. Director at @FreedomofPress." Snowden is listed as director of Freedom of the Press, a foundation dedicated to ensuring transparency in journalism in adverse situations. The former NSA contractor Edward Snowden sought asylum in

After, Facebook open sourced Thrift Technology ( an internally used tool by Facebook ) in 2007, rival entity Twitter brings Diffy , an internal Twitter service to the world. Yesterday, Twitter introduced " Diffy ," an open source tool, acting as a helping hand for the software developers to catch bugs, test and compare results without writing much code. Diffy plays a vital part in Twitter's development. As a service - Twitter modifies portions of its complex code on a timely basis, and Diffy is packed with such advanced automated techniques that it helps Twitter in its smooth workflow and optimized performance. Diffy simultaneously relieves programmers from writing separate codes to test flaws in the modified code. As, Diffy's minimal setup requirements are adaptable to any kind of environment. Apache Thrift and HTTP-based communication are such elaborate environments where Diffy catches bugs automatically . But, What exactly Diffy is? D

Yesterday, Facebook Co-founder and Chairman Mark Zuckerberg broadcast in his Facebook post, that Monday Facebook made a record by counting ONE BILLION people accessing Facebook in a single day. Zuckerberg shared his happiness and thanked the world. He was overwhelmed with the milestone Facebook has touched and even shared a video expressing his emotions. "[Facebook] just passed an important milestone," Zuckerberg wrote in a Facebook post on Thursday. "For the first time ever, one billion people used Facebook in a single day." That means roughly 1 in 7 people on Earth connected with their friends and family using Facebook in a single day. Feeling Connected Indeed! So far, Facebook is the world's largest online social networking website with 1.5 Billion monthly active users . Comparatively, Twitter has 316 Million monthly active users . Zuckerberg felt proud of the Facebook community. As they are the ones, who helped him to reach such

Like Facebook and Google, Twitter will soon be collecting your smartphone data in order to provide a " more personal Twitter experience " by serving targeted advertisements. The popular microblogging service Twitter said Wednesday that it will start collecting information about the other applications its users have installed onto their smartphones or tablet in a bid to better target ads and content, which some users may consider as another threat to their online privacy. In the Security and Privacy section of its support site, Twitter says that it will be " collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in ." The company has updated its app with this new feature for iOS platform on Wednesday, and Android will integrate this new feature in the next week. The app update is opt-out , which means Twitter will start collecting information from users aut

There’s a good news for app developers. On Wednesday at Twitter’s first annual developer conference Flight, the company announced a new tool for developers which will allow users to log-in to mobile applications using their phone numbers rather than a traditional username and password combinations. SAY NO TO PASSWORD The service will be called Digits, aimed at application developers looking for an easier, password-free login option for their mobile applications  – in a similar way to Snapchat , WhatsApp and Viber that rely only on verified users’ mobile numbers for sign-in, rather than the traditional ID and password combination. " This is an entirely new native mobile sign up service that makes mobile-first sign-up frictionless, and creates an identity relationship entirely between you and your users ," said Twitter CEO Dick Costolo, speaking at the Twitter Flight developer conference in San Francisco. DEVELOPERS DON’T TRUST TWITTER On one hand, where o

The popular social media site Twitter is rolling out a couple of new features to its login process to help users prevent their account in a more secure way and restore access to their account if they forget their accounts’ password. For tighten up the security measures Twitter is launching two factor authentication in its new password reset experience, making its users to reset their password in easier way and at the same time difficult for cybercriminals to log in to users’ accounts. " The new process lets you choose the email address or phone number associated with your account where you'd like us to send your reset information. That way, whether you've recently changed your phone number, or are traveling with limited access to your devices, or had an old email address connected to your Twitter account, you've got options ," Twitter said in a blogpost on Thursday. RESET TWITTER PASSWORD WITH SMS This new experience will let Twitter users to

Twitter , the biggest Social Media platform used for vital communication is now banned in Turkey from the last few days, after Prime Minister Recep Tayyip Erdoğan promised to root out the social media service during an election rally this week with the help of a court order. “ Twitter and so on, we will root them out. The international community can say this or that – I don’t care. They will see the power of the Turkish Republic .” After the ban imposed on Twitter late on Thursday, millions of Turkey users began using Google’s DNS service to bypassing censorship, that briefly helped Turks stay connected to Twitter. Turkey Government is trying to close all the possible loopholes that had allowed users to circumvent the ban and finally today the authorities have also blocked the Google DNS service (8.8.8.8 and 8.8.4.4), However the number of tweets jumped 138% in the last 24 Hours and almost 2.5 million tweets have been posted from the country after the ban imposed. Why

TWITTER is taking users' privacy and security very seriously and in an effort to prevent Government snooping, the company has secured your Twitter emails with with TLS (Transport Layer Security). Twitter emails were previously using a plain text communication protocol, that now has been upgraded to an encrypted (TLS or SSL) connection using STARTTLS . In a blog post, Twitter announced : " Since mid-January, we have been protecting your emails from Twitter using TLS in the form of StartTLS. StartTLS encrypts emails as they transit between sender and receiver and is designed to prevent snooping. It also ensures that emails you receive from Twitter haven’t been read by other parties on the way to your inbox if your email provider supports TLS. " " These email security protocols are part of our commitment to continuous improvement in privacy protections and complement improvements like our securing of web traffic with forward secrecy and always-on HTT

Recently Twitter has rolled out Vine app for Android, A new way to share video on twitter. The free app, which enables people to record and share clips of up to six seconds with other Vine users as well as on Twitter and Facebook. But on the very next day, Twitter’s video-sharing application Vine was hacked by 16-year-old Will Smidlein , who uploaded the three-and-a-half minute video of Rick Astley’s song “ Never Gonna Give You Up .” This video violated Vine’s usual code that only six second videos are posted. " I think I broke Vine ," Will Smidlein tweeted Monday night , where he described himself as a Web developer. What he did exactly? Smidlein decompile the app's code into a readable format, then modify few parts of the program that actually validate user to upload only 6 sec video. " Sorry, Twitter/Vine engineers, " he wrote. " I tried to keep it quiet, but the internet never forgets." ,  it could potentially embarrass a few of

Trusteer researcher Tanya Shafir   has recently identified an active configuration of TorRAT targeting Twitter users. Other than  spreading ideas on the most popular social networks, now cyber criminals are spreading  malware . The malware launches a Man-in-the-Browser (MitB) attack through the browser of infected PCs, gaining access to the victim’s Twitter account to create malicious tweets.  Because the malware creates malicious tweets and sends them through a compromised account of a trusted person or organization being followed, the tweets seem to be genuine. Those tweets contain malicious links and they read : “ Our new King William will earn even more than Beatrix. Check his salary” or “Beyonce falls during the Super Bowl concert, very funny!!!! ” At this time the attack is targeting the Dutch market. The malware spreading via the online social networking service, used as a financial malware to gain access to user credentials and target their financial transactions. The a

Government eavesdropping and security agency GCHQ is developing new tools to sift through them for nuggets of useful data from Facebook, Twitter, LinkedIn, Google+, Pinterest. All of these are the source of valuable intelligence that the UK's intelligence agencies want to know about. During a visit to Bletchley Park, UK foreign secretary William Hague launched a 'spy drive' to recruit staff for GCHQ and other intelligence agencies, a National Cipher Challenge for schools, and a £480,000 grant to the home of WW2 code-breaking. “ The work involves devising algorithms, testing them and general problem solving in the broad field of language and text processing. This pioneering research work is open to specialist in mathematical/statistics, computational linguists (eg speech recognition and/or language processing) and language engineering .” Job Description explains . " Using data-mining techniques, you will help us to find meaningful patterns and relationships in large

Official Twitter account of Rock band ' Garbage ' has been compromised and hacker is posting Spam tweets and links using adf.ly, which is a url shortener service that pays on clicks. Hacked twitter account hack around 55,563 Followers. Hacker can post malicious links also, but in this case we can see that purpose is not to infect other, instead hacker want to make some money by spreading links. Even he has mention this in a tweet, “ All you people saying I'm dumb. I've made over 19 dollars by spamming ad.fly links. I hack twitters and spam them great money ,” How hacker got access to twitter account is not yet clear, may be phishing, social engineering or can be a  password guess, but once readers should learn the importance of strong password. Yesterday we have posted another Exclusive report that, how 15000 wordpress blogs hacked and hacker is making money from referral system by posting spam articles on each blog. Subscribe  to our  Daily Newsle

A very quick and urgent warning for Twitter users, If you receive a direct message (DM) on Twitter saying " My profile was viewed..times..today " with a link then please don't click it. If you do, you will run the risk of having your Twitter account hijacked, your account turned into a spam-spewing tweet factory and all of your Twitter followers will be sent a personal copy of the same DM saying " My profile was viewed..times..today ". The direct message is a Scam aimed at stealing your twitter account. Or If any of this phishing scheme sounds familiar, it’s because this scam and others like it have been going around for quite some time now. Reason being, they’re all highly effective. Sure, the verbiage in the Twitter DMs may change periodically, but the goal of stealing your Twitter username and password stays the same. We recommend you to: DO  not click the link. DELETE  that message ONCE REVIEW  all the application you have allowed in your