In the protection of the social network Twitter was discovered “hole” that allows you to post on behalf of any user of the service, even without access to his account, reported Digital Security company in a press release (have).
The company highlighted the risk of the identified vulnerability using which an attacker, being only an advanced user could publish this or that information right in many accounts. The simultaneous deployment of similar records on the pages of several authoritative media, big business and politicians would give false information for the external credibility that could lead to serious consequences.
“The misinformation of this kind can provoke major changes in stock prices cause political instability in a large region, to provoke financial losses of a number of organizations to run crisis wave in the country”, — stated in the message Digital Security.
The company explained that the “hole” was discovered in late February 2017, but then the information had not been made public, to give the company the Twitter the opportunity to remedy the situation and to conduct an audit “to determine whether similar vulnerabilities”. Currently, the danger is eliminated, and detected the error in the security system Digital Security researcher Egor Zhizhin not only received official thanks Twitter, but also received a large cash award.
Technical details of the vulnerability can be found in the blog of Digital Security on the website Habrahabr.ru.
At the beginning of 2017, the hackers posted the account of the newspaper the New York Times in a Twitter message about the missile strike at the United States. Account NYT later issued a statement explaining that the tweets were published “without authorization”.
In early may of 2017, the company Google has warned users around the world about phishing sending emails from Gmail under Google Docs. When you click on the link it is proposed to give access to email and address book program that allegedly is Google Docs. However, if you follow a malicious link, attackers will be able to access accounts via third-party applications.
Digital Security — Russian consulting company in the field of information security, specializiruetsya on the search and study of vulnerabilities in various applications and systems.