The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

Triple-Track Conference - 15th & 16th October


Capture the Flag - 15th & 16th October

HackWEEKDAY - 15th & 16th October

CommSec Village - 15th & 16th October


IOActive's Cesar Cerrudo, warns of Twitter privacy issues

Security researchers are advising users to take a close look at their Twitter accounts following the discovery of an issue which could put direct message content at risk.

Cesar Cerrudo, chief technology officer at security firm IOActive said that a flaw in the way Twitter handles permissions and notifications could allow a third-party application to gain access to a user's direct messages without prior notification or permission.

In a company blog post, Cerrudo explains that the issue appears to be a loophole in the way users grant permissions and the way a third-party application is able to access those permission. He said that while testing an application, he noticed that the tool was able to obtain far more access into his own account information than he had allowed.