Like FireSheep? You Will Love FireTweet!

OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem.

Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications on Twitter can be made to read your private messages without your consent. Below is the screen you see from http://lab.thisisroyal.com/twitter/.

When you sign in and authorize the application it does indeed access your direct messages. Twitter responded to the problem and clarified that currently apps can access your direct messages. At the end of June there will be changes designed to give users more control over privacy. The web messages are there for the new technology, but it hasn’t been implemented yet. Until June 30th Twitter apps can access your private messages. With social networking sites it is always safest to use no apps at all, but if you are going to use apps, make sure you have good reason to trust the developer of the app before you share access to your private information.

Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America


  • Jericho

    Comparing this bug to FireSheep is absurd. Either you don’t know what FireSheep is and the attack vector it uses, or you are intentionally going for media hype over a considerably more minor issue.

    FireSheep does not require a user to click anything or authorize some information to be accessed. Your ‘FireTweet’ crap requires the user to explicitly allow an application to access some of their information, and it happens to look at a bit more than you allowed.

    Apples and Weasels.

  • Nicko

    What Jericho said.

    You clearly have no understanding of the two or it’s just shameless headline grabbing.

    • David Harley

      While I’m delighted not to be the only security curmudgeon that reads these things, it seems clear to me from Randy’s first sentence that he’s being flippant about comparing the two. And since he has written about Firesheep in some depth in the past, I’m pretty sure he knows the difference.

      I’m sure marketing would be very pleased if this post did grab some headlines, but I don’t think it’s going to make the front page of the Wall Street Journal.

10 Jun 2011