Thursday, October 4, 2012

A vulnerability in the security system on Twitter

A vulnerability was discovered in the security system on Twitter

A hacker discovered a fundamental security vulnerability in the social network Twitter. The flaw allows attackers to gain unauthorized access to Twitter users' accounts through brute-force attacks.

According to Daniel Dennis Jones, whose account was recently hacked, Twitter's security system limits login attempts to an account by IP address. As a consequence, anyone can use an unlimited number of IP addresses for password guessing. Jones notes that this could have been avoided if Twitter had limited the number of attempts or used two-factor authentication, as Google does.

Jones's account was hacked by someone "trying to enter the social network by guessing commonly used passwords." Note that most services and sites block an account after a certain number of attempts or require a CAPTCHA code. Twitter applies the same kind of restriction to IP addresses instead.
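The difference between the per-IP limit described above and a per-account limit, shown as an added example that is not from the original post and is not Twitter's code. The thresholds, the time window, the class and function names, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window counter of failed logins, keyed per IP and per account."""

    def __init__(self, max_per_ip=5, max_per_account=10, window=900):
        self.max_per_ip = max_per_ip
        self.max_per_account = max_per_account  # None = per-IP only (the weak setup)
        self.window = window                    # seconds (assumed value)
        self.by_ip = defaultdict(deque)
        self.by_account = defaultdict(deque)

    def _recent(self, q, now):
        while q and now - q[0] >= self.window:  # drop failures older than the window
            q.popleft()
        return len(q)

    def check(self, ip, account, now):
        if self._recent(self.by_ip[ip], now) >= self.max_per_ip:
            return "block_ip"
        if (self.max_per_account is not None
                and self._recent(self.by_account[account], now) >= self.max_per_account):
            # Challenge (CAPTCHA / second factor) rather than hard-lock, so the
            # counter cannot be abused to lock the real owner out.
            return "challenge_account"
        return "allow"

    def record_failure(self, ip, account, now):
        self.by_ip[ip].append(now)
        self.by_account[account].append(now)

def replay(throttle, events):
    """Return how many failed guesses reached the password check unchallenged."""
    reached = 0
    for now, ip, account in events:
        if throttle.check(ip, account, now) == "allow":
            reached += 1
            throttle.record_failure(ip, account, now)
    return reached

# Constructed sample data: 200 failed logins for one account, one per second.
DISTRIBUTED = [(t, f"198.51.100.{t}", "victim") for t in range(200)]  # new IP each time
SINGLE_IP = [(t, "203.0.113.7", "victim") for t in range(200)]

if __name__ == "__main__":
    print("per-IP only, one IP:      ", replay(LoginThrottle(max_per_account=None), SINGLE_IP))
    print("per-IP only, rotating IPs:", replay(LoginThrottle(max_per_account=None), DISTRIBUTED))
    print("per-IP + per-account:     ", replay(LoginThrottle(), DISTRIBUTED))
```

With only the per-IP counter, every guess from a fresh address passes; adding the per-account counter caps the same traffic regardless of how many addresses it comes from.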

So far, Twitter representatives have not commented on the situation.
