It turned out that Twitter is in a simple configuration that can make it easy for intruders to take control of user accounts, according to security analysts of Foreground Security, Friday (22/01). Errors that occur in Twitter are in Adobe Flash object on the site, said Mike Bailey, senior analyst of security firm. Stark contrast to the recommendations Adobe, the Adobe Flash object can load the virtual files freely in any site on the Internet, including those that have the JavaScript code and Action Script.
"However, this is not Adobe's fault. This is a fact that many poor programmers who create Flash object code. "Added Bailey. By using the XML file in one of the servers, Bailey can exploit weaknesses in the Flash object to display the tweet into account, such as "@ mckt_ just pwned my Twitter account. Neat."
Action that can be done with these weaknesses, including the addition or deletion follower account and read messages directly from the account is assumed to have private. According to Baily, the merekonfigurasi an object requires at least an hour or more, and not for the time to write, this weakness was still active for more than 24 hours even after he was informed about this.
While from Twitter, it has been declared disable Flash object configuration error, when this problem has occurred.
http://www.beritanet.com/Technology/Security/Twitter-Adobe.html
Tidak ada komentar:
Posting Komentar