Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MOTB - Month of Twitter Bugs Begins

Security research testing of the Twitter API will be conducted during the month of July.  The stated goal is to bring awareness to the need for strengthening security in this very popular and flexible social network messaging facility.

MOTB Daily Findings published here
http://www.twitpwn.com/

Security Researcher Aviv Raff shares mission statement
http://aviv.raffon.net/2009/06/15/MonthOfTwitterBugs.aspx

QUOTE: Today, three years after the “Month of Browser Bugs”, I’ve decided to declare July 2009 as “Month of Twitter Bugs” (MoTB). I’m doing so in order to raise the awareness of the Twitter API issue I recently blogged about. MoTB could have been easily converted to any other “Month of Web2.0 service bugs”, and I hope that Twitter and other Web2.0 API providers will work closely with their API consumers to develop more secure products.

Below is the first documented vulnerability, which relates to shortened URLs that may be shared in these micro-blog messages:

MoTB #01: Multiple vulnerabilities in bit.ly service
http://www.twitpwn.com/2009/07/motb-01-multiple-vulnerabilities-in.html

QUOTE: "bit.ly allows users to shorten, share, and track links (URLs). Reducing the URL length makes sharing easier. bit.ly can be accessed through our website, bookmarklets and a robust and open API. bit.ly is also integrated into several popular third-party tools such as Tweetdeck."

bit.ly has a large user base (who doesn't click bit.ly links?). However, with such a poor response rate to security vulnerabilities, and with such a poorly coded website, in terms of security, we can only hope for the best. Please be careful clicking those shortened URLs...