Security Issues with Twitter

If you can notice at the past days Twitter is getting a lot of problems with their site, so what they did is they started tapping into Google’s Safe Browsing API in order to detect and block URLs pointing to malicious websites. Security experts applaud the initiative, even though the new feature is still buggy and can be easily bypassed. It looks like the flood of security threats that Twitter users have faced this year has prompted the administration of the micro-blogging platform to take a more proactive approach at security.

Chief security expert Costin Raiu at antivirus vendor Kaspersky, suggests that Twitter is using the Google Safe Browsing API in order to determine the nature of URLs. Surely, it won’t catch everything but definitively a step forward. The implementation still has some serious imperfections, one of which being the inability to verify links generated with popular URL shorteners. This is a significant problem because of the 140-character restriction, URL shortening is the most widely used method of posting links on Twitter.

There are also issue that detection can be bypassed by stripping the www from a malicious URL or leaving it with http:// only. Nevertheless, several security experts have applauded the initiative and are sure that the service will be tweaked in time. Some of them have recommended a similar approach for other social-networking websites. Maybe, in time, Twitter will decide to tap into other blacklists as well, such as the phishing URLs one maintained at PhishTank. This service, which is operated by OpenDNS, also offers a free API for developers.