Hello, welcome to the Thursday, March 16th, 2017 edition of the Sanct Center Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

A large number of Twitter accounts did post pro-Turkey messages this morning, apparently due to a compromise of the Twitter app Twitter counter.

Twitter counter can be used to create statistics for specific Twitter users, but of course in order

to create these statistics, Twitter counter will ask you for access to your account.

Now, Twitter counter uses OAuth in order to accomplish that, which is of course the standard

for Twitter, which actually sort of helped a little bit in this case.

Apparently, what happened was that someone figured out to use these privileges that

Twitter counter had with its customers to then send

tweets. Now, once this became obvious, Twitter counter was able to revoke its API key,

which of course did remove access to the attacker. Another advantage of Oath, of course, is that this particular compromise did not affect users'

Twitter passwords themselves, just the credentials they did negotiate with Twitter counter.

Now the service is down at this point, not really sure when it will be up again.

I guess they first have to figure out what exactly happened and how to fix it.

But lesson learned here for anybody using a social network and using O-O-O-OF.

It is important that occasionally you do review the applications that do have access to your account.

And of course, if you sign up with a particular application, make sure you don't give it access

beyond what it needs to do its service.

Not really sure why Twitter counter had access to post tweets on the user's behalf

that shouldn't really be necessary in order to just collect statistics.

But I haven't used, luckily, this service in the past.

So I'm not really that familiar with it.

...