The bug that let me Tweet from Any Twitter Account

11/7/2013

On November 6th, Henry Hoggard, an everyday ho-hum programmer from the UK, found an exploit on Twitter. This exploit allowed him to basically view and read messages and tweets from any account on the Twitter database. To do this, Hoggard used a Cross-Site Request Forgery (CSRF) vulnerability to exploit the site.

In his blog, he proceeds to describe how he performed this act. The way that he describes the act is actually very simple. Aside from the use of CSRF, the actual exploit does not include anything too complicated. 

Hoggard then continues to outline how this can be harmful to the general public of Twitter. He then stated that through social engineering, an attacker can force any user to Tweet whatever the attacker wants them to.

Personally, my Twitter account has been attacked before, and this exploit that Hoggard explains is not a surprise. When my Twitter account was hacked, the attacker sent about 10 people random links that were probably malicious. So with the exploit that Hoggard reveals, I wonder if this is the method that the people who attacked me used.

It’s very interesting considering that this method can hack ANY Twitter account. A more comedic attacker would try to hack Obama, and I think that would be funny.
