Security firm F-Secure discovered that Twitter has begun blocking links to malicious sites when users try to post them. Twitter has not acknowledged this with an announcement yet, but users (at least some) are getting the following message when trying to post a link to a known malware site:
“Oops! Your tweet contained a URL to a known malware site!”
Twitter and security are have certainly not been known to be synonymous. Murdok has reported a various Twitter-related security flaws in the past. We interviewed Amit Klein, CTO of Trusteer, who discussed Twitter account hijacking, among other issues. Then there is the whole email spam issue. Recently, even Twitter’s own internal documents were hacked.
The blocking of malicious URLs shows that the company is not ignoring security concerns though. Although, it is odd that they have not addressed this in a blog post or anything.
Tameka Kee at PaidContent points out that Twitter has improved on the security front:
The new feature has surfaced (coincidentally) just a day after the annual Defcon hacker conference. Twitter was a resident on the Defcon “Wall of Sheep,” which shows a stream of passwords and login info from people that have unwittingly exposed their data over various networks (per Forbes); the startup got a better security grade this year than last year—but hackers still said Twitter could be doing more to protect its users.
Users need to be careful. You should probably not click links from sources you are not familiar with and don’t trust. While Twitter is blocking malicious URLs, that doesn’t mean they’re catching all of them.
