Regular Twitter users are used to seeing a ‘fail whale’ every so often that indicates the service is down for some reason (usually capacity). In July, the fail whale could be coming from a different source – namely the month of Twitter bugs.
Security researcher Aviv Raff has announced that July will be the month of Twitter bugs. Raff was part of H D Moore’s Month of Browser bugs back in 2006 – so he’s the real deal.
Raff isn’t targeting Twitter.com but rather the Twitter API — which is what powers third party Twitter clients like Twhirl and TweetDeck.
“Each day I will publish a new vulnerability in a 3rd party Twitter service on the twitpwn.com web site,” Raff wrote on his website. “As those vulnerabilities can be exploited to create a Twitter worm, I’m going to give the 3rd party service provider and Twitter at least 24 hours heads-up before I publish the vulnerability.”
No, this isn’t the Twitpocalypse — then again the Twitpocalypse of last Friday (where a programming issue could have led to the stoppage of third party Twitter clients) was a non-event itself, with Twitter services (as best as I can tell) operating normally on Friday through until today.
Certainly there are flaws in the Twitter API. Twitter has been experimenting with OAuth for user authentication and that approach has its own security issues.
It will be interesting to see if there are 30 days’ worth of bugs that can be found in the Twitter ecosystem. Either way, the fact that Raff will give the vendors a heads-up first means they’ve all got the opportunity to fix flaws first – which ultimately, hopefully, will make Twitter more secure for all Twitter users.
Follow me on Twitter @TechJournalist