Wednesday, December 5, 2012

Twitter fixes SMS-based account hijacking vulnerability


Twitter has restricted the ability of attackers to post tweets and perform other actions on behalf of many users who have phone numbers associated with their accounts, but some users need to enable a PIN option in order to be protected.

On Monday, a developer and security researcher named Jonathan Rudenberg reported that attackers can abuse the Twitter accounts of users who added their phone numbers to their profiles in order to use the service via SMS (Short Message Service).

That is, if an attacker knows the phone number of a Twitter user, and that user has associated the phone number with his account, the attacker can issue SMS commands on behalf of the user without actually having access to his phone.




Facebook and Venmo, a payment service, were vulnerable to the same type of attack, but fixed the problem after being contacted in August and November respectively, Rudenberg said. However, after initially responding to the private report in August, Twitter stopped answering, he said.


Read more about it at: Computer World
