SUPPOSEDLY patched but…
Researcher Hacks Twittter Using SSL Vulnerability
By: Brian Prince
A security researcher demonstrates how an SSL renegotiation vulnerability made public earlier in November could be exploited to steal Twitter log-in credentials.
A security researcher has demonstrated how attackers could use a newly discovered vulnerability in the Secure Sockets Layer protocol to launch an attack on Twitter.
The researcher, Anil Kurmus, posted details of the attack to his blog, The Secure Goose, Nov. 10. The exploit takes advantage of a vulnerability reported Nov. 5 by researchers from PhoneFactor. Although the security hole Kurmus took advantage of has reportedly been closed by Twitter, one of the researchers at PhoneFactor who discovered the bug said the exploit underscores the flaw’s significance.
You must be logged in to reply to this topic.