On November 6th, Henry Hoggard, an everyday ho-hum programmer from the UK, found an exploit on Twitter. This exploit allowed him to view and read messages and tweets from any account in Twitter's database. To do this, Hoggard used a Cross-Site Request Forgery (CSRF) vulnerability to exploit the site.
In his blog post he describes how he carried it out, and the method he describes is actually very simple: aside from the use of CSRF, the exploit involves nothing complicated.
Hoggard then outlines how this can harm ordinary Twitter users: through social engineering, an attacker can force any user to tweet whatever the attacker wants.
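To make concrete why a forged cross-site form can post on a logged-in user's behalf, and what stops it, here is an added example (not Hoggard's code and not Twitter's) of a tweet-posting handler that enforces the standard CSRF defences: a per-session synchronizer token plus an Origin check. The session store, `SITE_ORIGIN`, the `Request` model and the `post_tweet` / `demo` functions are all constructed for this illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed stand-in for server-side session storage (not Twitter's code).
SESSIONS: dict[str, dict] = {}
SITE_ORIGIN = "https://example-social.test"  # assumed origin of the site itself


def login(user: str) -> str:
    """Create a session with its own random CSRF token; return the session id."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "tweets": []}
    return sid


@dataclass
class Request:
    cookies: dict = field(default_factory=dict)  # browser attaches these on every request
    headers: dict = field(default_factory=dict)  # Origin is set by the browser, not the page
    form: dict = field(default_factory=dict)     # body is built by whichever page made the form


def post_tweet(req: Request) -> tuple[int, str]:
    """State-changing endpoint: accept a tweet only when the request comes from
    our own origin and carries the session's CSRF token."""
    session = SESSIONS.get(req.cookies.get("sid", ""))
    if session is None:
        return 401, "not logged in"
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:  # cross-site POSTs carry a foreign Origin
        return 403, "cross-site origin rejected"
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf"]):  # constant-time compare
        return 403, "missing or invalid CSRF token"
    session["tweets"].append(req.form.get("status", ""))
    return 200, "tweet posted"


def demo() -> tuple[int, int, int]:
    sid = login("victim")
    token = SESSIONS[sid]["csrf"]
    good, _ = post_tweet(Request({"sid": sid}, {"Origin": SITE_ORIGIN},
                                 {"csrf_token": token, "status": "hello"}))
    # Cookie is sent automatically, but a foreign page cannot read the token.
    forged, _ = post_tweet(Request({"sid": sid}, {"Origin": "https://other.test"},
                                   {"status": "not my words"}))
    no_origin, _ = post_tweet(Request({"sid": sid}, {}, {"status": "not my words"}))
    return good, forged, no_origin
```

The token check alone is enough to refuse the forged posts; the Origin check is a cheap second layer for clients that send it.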
Personally, my Twitter account has been attacked before, and this exploit that Hoggard explains is not a surprise. When my Twitter account was hacked, the attacker sent about 10 people random links that were probably malicious. So with the exploit that Hoggard reveals, I wonder if this is the method that the people who attacked me used.
It’s very interesting considering that this method can hack ANY Twitter account. A more comedic attacker would try to hack Obama, and I think that would be funny.