Staying Safe & Secure on Twitter - Presentation Transcript
Staying Safe & Secure on Twitter
Tom Eston
SocialMediaSecurity.com
Who is this guy?
• Tom Eston, Security Researcher
• Blog: Spylogic.net
• Podcast: Securityjustice.com
• SocialMediaSecurity.com @socialmediasec
• Twitter: @agent0x0
5 1/2 Twitter Threats
Distributed Denial of Service (DDoS)
Short URL Services
Third-Party Services
Web Vulnerabilities
• XSS (Cross Site Scripting)
• ClickJacking
• Third-Party Applications (Twitpic, BrightKite)
Impersonation & Disinformation
• Fake accounts (Celebrity)
• Do you trust what you read?
• Fake Re-Tweets
• SPAM
The employees at Twitter...srsly.
• Two high profile attacks already!
• Don’t use real information for password reset questions!
• Same passwords for all accounts = FAIL
How can you stay safe?
#1
#2
NoScript
• Protects you from malicious JavaScript
• Prevents XSS/ClickJacking
• Kills unwanted ads...improved speed!
• http://noscript.net
Use a Third Party Client
• Safer than using the Twitter web client
• Some have issues with clear text authentication...but...
Long URL Please Add-on
• Shows you true URL
• 73+ services supported
• LongURLPlease.com
Use a Password Manager
• KeePass (keepass.info)
• 1Password (iPhone)
• Or...think of a password scheme (C0mp1exP@assw0rd_Tw1tter)
• If one account gets compromised...others are safe!
Careful what you believe, trust but verify...
• Even Tweets from your friends! What if their account was compromised? (Koobface)
• News sources can be sketchy...
Careful what you tweet...
Everyone is watching.
Monitor your brand
It’s your reputation at risk.
Twitter needs to take security srsly...
No really.
Questions?
More information available at:
SocialMediaSecurity.com
Email: tom@socalmediasecurity.com
Twitter: @agent0x0 or @socialmediasec
Presentation I gave at the CoolTwitter Conference in Cleveland, Ohio August 7, 2009. I talked about the top 5 1/2 threats to Twitter and ways you can use it safely. Yes, there are more than 5 1/2 issues but I only had 15 minutes! :-)