Thursday, July 31, 2008

Coming up: Auto-follow-me vulnerabilty

Twitter suffers from a vulnerability which allows an attacker to force his victim to follow him automatically.

Twitter security team was notified on 31-July-2008.
Twitter partially fixed this vulnerability on 01-Aug-2008. The vulnerability can still be exploited on Internet Explorer. Users of other browsers are safe.
Twitter delivered a fix for IE on 04-Aug-2008. Fixed was verified on 11-Aug-2008(sorry, BlackHat/Defcon duties).

Technical details will be added soon...

1 Comments:

Anonymous Matthias said...

Looks like they fixed it.

August 2, 2008 10:27 AM  

Post a Comment

<< Home