|
Information Security News
mailing list archives
Twitter flaw gave third-party apps unauthorized access to private messages, researcher says
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 23 Jan 2013 01:51:33 -0600 (CST)
https://www.networkworld.com/news/2013/012213-twitter-flaw-gave-third-party-apps-266030.html
By Lucian Constantin
IDG News Service
January 22, 2013
Users who signed into third-party Web or mobile applications using their
Twitter accounts might have given those applications access to their Twitter
private "direct" messages without knowing it, according to Cesar Cerrudo, the
chief technology officer of security consultancy firm IOActive.
The issue is the result of a flaw in Twitter's API (application programming
interface) that led to users not being properly informed about what permissions
an application will have on their accounts once granted access. Cerrudo
described the problem and explained how he discovered it in a blog post
published Tuesday.
Twitter has disruptions after hectic time during inauguration of U.S. president
Applications that allow users to log in with their Twitter accounts have to be
registered with Twitter at https://dev.twitter.com/apps. During registration,
their developers have to declare the level of access the applications will have
on people's accounts: "read only," "read and write" or "read, write and access
to direct messages."
When users attempt to log into such an application for the first time using
their Twitter accounts, they get redirected to an authorization page on
Twitter's website that lists the permissions requested by the particular
application.
[...]
______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
 By Date 
By Thread
Current thread:
- Twitter flaw gave third-party apps unauthorized access to private messages, researcher says InfoSec News (Jan 23)
|
