269 matches found
Twitter Flaw Exposed Direct Messages To External Developers
Twitter on Friday said that a recently-patched bug in its platform enabled software developers to read users’ private direct messages or protected tweets. The bug ran from May 2017 until it was discovered on September 10 – after which Twitter patched the glitch to prevent data from being...
Twitter is Testing End-to-End Encrypted Direct Messages
Twitter has been adopting new trends at a snail's pace. But it's better to be late than never. Since 2013 people were speculating that Twitter will bring end-to-end encryption to its direct messages, and finally almost 5 years after the encryption era began, the company is now testing an end-to-e...
Twitter is Testing End-to-End Encrypted Direct Messages
Twitter has been adopting new trends at a snail's pace. But it's better to be late than never. Since 2013 people were speculating that Twitter will bring end-to-end encryption to its direct messages, and finally almost 5 years after the encryption era began, the company is now testing an end-to-e...
X (Formerly Twitter): Insecure Direct Object Reference - access to other user/group DM's
Hello, I found a way to access group DM's which i don't have access to, Conditions to be met: - Should have been in that DM group atleast once. Exploitation ways: =============== - let's say they're three twitter profiles, Naruto , Goku and Eren. - Naruto creates a DM group in between himself ,...
Slack: Stored XSS in Slackbot Direct Messages
Whenever a new team is created, Slackbot uses automated profile completion by asking a few questions from the user like the first name, last name, skype account etc. But instead of providing the correct details we provide as input then Slackbot will cause the data go inside the anchor tag ... so...
Setting Up a Secure and Private Twitter Account
To kick off the new year, we are restarting our tutorial screencast series where we attempt to briefly walk users through the process of locking down their various online accounts. Today’s video, which is just slightly longer than we had hoped, thoroughly details the steps necessary to ensure tha...
Twitter Bug Allowed Apps to Access Direct Messages Without Permission
Social networking sites such as Twitter and Facebook have become not just communication hubs, but also authentication mechanisms for third-party sites. Many sites and Web applications allow users to sign in with their Facebook or Twitter credentials rather than registering, which is a nice...
Phishy Direct Messages Link to Fake Twitter Sign-in Page
A wave of spammy direct messages on Twitter contain URLs leading to what appears to be a Twitter login page, but is actually a phishing site trying to pilfer user login credentials. The ploy from the attackers in this campaign is a familiar one: “hey, someone is spreading nasty rumors about you...
Twitter Deploys New Anti-Phishing Service
Twitter is launching a new service designed to prevent users from being tricked into visiting malicious Web sites after clicking on shortened URLs in direct messages or Twitter messages. The new Twiiter anti-phishing service, which launched Tuesday, essentially serves as a proxy between users and...