Technology Other News 24 May 2017 Twitter had a bug, a ...

Twitter had a bug, allowed hackers to tweet from any account

DECCAN CHRONICLE.
Published May 24, 2017, 11:33 am IST
Updated May 24, 2017, 11:36 am IST
Anyone with know-how on the vulnerability could tweet from any account.
The researcher was awarded a bounty of $7,560 and Twitter fixed the ad service bug within three days of reporting it.
 The researcher was awarded a bounty of $7,560 and Twitter fixed the ad service bug within three days of reporting it.

There was a huge bug in Twitter’s ad service network and the vulnerability could allow anyone to tweet from anyone’s handle with ease, until a security researcher found the flaw in Twitter’s Ad Studio.

Motherboard reported that Kedrisec, a security researcher found the flaw in February and reported it to Twitter by February 25 after spending several days looking for bugs. He found the flaw in the ad service, which allows advertisers to upload media. By exploiting the bug in this network, he was able to post tweets as any other user. He claims that the bug was ‘not quite difficult’ to exploit.

 

Twitter did their research on the topic and quickly blocked the hole. "By sharing media with a victim user and then modifying the post request with the victim's account ID the media in question would be posted from the victim's account," Twitter wrote in its summary of the bug.

‘In plain English, this means that the attacker simply needed to fiddle with the code that gets sent to Twitter when posting something to trick the social network into posting the tweet as somebody else—all without having to hack anyone's account,’ explains Motherboard.

 

The researcher was awarded a bounty of $7,560 and Twitter fixed the ad service bug within three days of reporting it.

Click on Deccan Chronicle Technology and Science for the latest news and reviews. Follow us on Facebook, Twitter

...




ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
-->