Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Twitter
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

« WarVOX 1.0.0 Released | Main | Google Docs suffers serious security lapse »

Twitter SMS spoofing

"A fix against an SMS spoofing flaw involving micro-blogging service Twitter offers only partial protection.

Tests by Heise Security found that providing a user knew the number of a phone associated with a Twitter account, it would be possible to use an SMS sender faking service to post fake status updates that appeared under a user's profile. Services such as PhonyText allow the relaying of SMS messages with a fake sender field. Spoofed SMS messages sent through this service to the number for sending SMS tweets could thus be used to create fake tweets.

In this way, providing you knew the mobile number associated with accounts, it might be possible to suggest that Stephen Fry was once again stuck in a lift instead of whale-watching off the coast of Mexico or that Britney's vagina had grown claws as well as teeth."

Read more: http://www.theregister.co.uk/2009/03/06/twitter_sms_spoofing_risk/

Posted by Robert A. on 03/06/2009 in Incidents , IndustryNews , Vulns | Permalink | Reddit

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!


Post a comment







Remember personal info?


Copyright 2000-2009 CGISecurity.com | Privacy Policy| java mailing list| resolve ip| Mailing Lists | Sony deals