Twitter, the social networking service, claims it recently fixed a vulnerability that allowed its users to create fake posts on other users' pages or sign up other users for text messaging without their knowledge. However, The H is already reporting that the fix is not effective, at least in the UK and Germany, after it tested the vulnerability.
Twitter users follow each other and receive updates when the users they follow post new messages to their Twitter pages. Twitter also allows users to send updates, or Tweets, from their phones by text message using Short Message Service (SMS) -- all in 140 characters or fewer. If you are following someone on Twitter, you will receive their updates on your page. Twitter can send updates to your home page, cell phone, or both.
This vulnerability allowed anyone to hijack a Twitter account using an SMS spoofing service. If someone knew your mobile phone number, they could spoof messages to your Twitter home page so they would look like they were coming from you. Twitter has been aware of these problems for almost two years but has not moved to fix them. In fact, I found this exact vulnerability on the OnLamp.com page.
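The flaw described above comes down to treating the originating number of an SMS as a credential. The Python sketch below is an added example, not Twitter's code; the account store, the PIN-prefix message format and the lockout threshold are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_FAILURES = 3  # assumed lockout threshold for the SMS channel


def pin_digest(pin: str, salt: bytes) -> bytes:
    # Store a salted, stretched digest rather than the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


# Constructed sample account, keyed by the phone number registered for SMS posting.
ACCOUNTS = {
    "+15550100": {"user": "alice", "salt": b"constructed-salt",
                  "pin": pin_digest("4821", b"constructed-salt"), "failures": 0},
}


def post_weak(sender: str, body: str):
    """Behaviour described in the article: the sender number alone is the credential."""
    account = ACCOUNTS.get(sender)
    return (account["user"], body) if account else None


def post_hardened(sender: str, body: str):
    """Use the sender number only to look up the account; require a PIN in the message."""
    account = ACCOUNTS.get(sender)
    if account is None or account["failures"] >= MAX_FAILURES:
        return None
    pin, _, text = body.partition(" ")
    if not hmac.compare_digest(pin_digest(pin, account["salt"]), account["pin"]):
        account["failures"] += 1  # short PINs need attempt limiting
        return None
    account["failures"] = 0
    return (account["user"], text)


# Constructed messages: both arrive with the same originating number, which is
# exactly what an SMS spoofing service lets the sender choose.
SPOOFED = ("+15550100", "posted by someone else")
GENUINE = ("+15550100", "4821 posted by the account owner")

if __name__ == "__main__":
    print(post_weak(*SPOOFED), post_hardened(*SPOOFED), post_hardened(*GENUINE))
```

Because a spoofer can also trigger the lockout, it should disable only SMS posting for that number and leave the account's other login paths untouched.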
Many organizations use Twitter to blog about their company, new products, press releases, and to communicate with their customers. One of my bosses used to say, "technology is a beautiful thing as long as it works, and a terrible, terrible thing when it doesn't." Twitter is one of those technologies that could bring value to a company because of its reach and social impact, or it could be a black eye on the face of social networking. If we are going to develop tools that people depend on, then we have to go to every extreme to make sure technology stays beautiful.