Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Twitter fixed bug could have exposed Direct Messages to third-party apps

Twitter-iphone-pin-fs8
ResearcherTerence Edendiscovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party.

The flaw is triggered when apps that require a PIN to complete the authorization process instead of the using the OAuth protocol. The expert discovered that some permissions such as that to access direct messages, remained hidden to the Twitter user.

Terence Edenwas awarded $2,940 for reporting the bug to Twitter under the bug bounty program operated through the HackerOne platform. According to Eden, the bug resides in the way the official Twitter API handles keys and secrets that could be accessed by app developerseven without the service’s authorization.

“Many years agothe official Twitter API keys were leaked. This means that app authors who can’t get their app approved by Twitter are still able to access the Twitter API.” wrote Eden.

“For some reason, Twitter’s OAuth screen says that these apps donothave access to Direct...(continued)

View All Trending Stories