Friday, February 13, 2009

Twitter falls victim to ClickJack attack

Twitter put an end to a clickjacking attack yesterday that got users to click on a link labelled “Don’t Click”.

In an attempt to satisfy their curiosity (or simply do what they were told not to do) thousands of users clicked on the link.

Whether they clicked on the link or not, an entry would appear on their Twitter page with the same link and message they had originally received.

"We patched the 'don't click' clickjacking attack 10 minutes ago. Problem should be gone," John Adams, aka Netik, an operations engineer at Twitter, tweeted around 11 am PST.

Although annoying, the clickjacking seems to have been harmless and merely propagated itself.

More on this attack can be found here.

Friday, February 6, 2009

ISG meeting - 5 Feb 2009

The Information Security Group of Africa convened at the Standard Bank building on Grayston Street yesterday to share and learn about pertinent industry issues.

The meeting kicked off with an overview of an exciting project entitled “The Pubcast”. This initiative is meant to provide a platform to bring information security professionals together to discuss information security and to bridge the gap between infosec and social networking. The most recent “Pubcast” podcast was a live interview with Karel Rode and Craig Rosewarne – Acting Chairman and Chairman of the ISG, which was recorded by ITWeb at the meeting yesterday.

More information can be found at

Gareth Watt spoke about the new EMV (Chip & Pin) cards that are being issued locally. Watt discussed the evolution from magstripe that originated in the 1960s, to the EMV cards in use today. Although these new cards have many benefits, he said, it is still possible for them to be skimmed.

Charles Dick was there too and spoke about the Post Office’s Trust Centre. “SAPO does not see itself as a digital certificate seller,” he said. “Rather an organisation that creates a PKI environment for products and services.”

The Trust Centre will be launched in approximately 8 weeks' time.