Saturday, November 16, 2013

Oh, So That Was It

From a friend's in-house security detail:

Twitter Fixes Bug That Enabled Takeover of Any Account 
We recently reported on a discovery by security researcher Henry Hoggard exposing a cross-site request forgery (CSRF) vulnerability in Twitter’s “add a mobile device” feature that would allow a user to read direct messages and tweet from any account. An exploit of this vulnerability would force users to perform unwanted actions in an application or service for which they are already authenticated. Twitter fixed the bug within 24 hours of Hoggard’s report. According to Hoggard, even before it was fixed, users with their browser’s No-Script extension installed would not have been impacted by this bug.
I think that happened to me. Taking my courage in my teeth, I have reopened with, I hope, better security. I do seem to have acquired (and have killed out) a bunch of new followers with a bunch of cool stuff to sell. Give me a heads-up if you notice anything weird.

1 comment:

Taxmom said...

@katyesterday and @gandalfterrier are both glad to see you back. But to whom will we look for must-see recommendations on Mediterranean weight-loss schemes if you have upped your security levels?