• Interns & Social Media: A Goldmine for Hackers

    With summer on the way, a fresh crop of Gen Z interns will soon be getting security badges and credentials at companies around the world. This new crop of interns could be a hidden security risk. Gen Z often shares much of their lives on social media, but when they post pictures of themselves happily working at their new job, they can reveal information that could be used to help hackers plan their attacks. How do I know this? Because I’m one of them. My name’s Stephanie, aka Snow. Companies hire me and my team at IBM X-Force Red to break into their buildings and their network, to find holes…

  • XSS Tutorial #7 – Twitter’s Tweet Deck XSS (June 2014)

    Welcome to XSS Tutorial #7: Twitter’s Tweetdeck XSS, June 2014. In this video we will be talking about the cross-site scripting attack that hit Twitter in June of 2014. Every video will have all slideshows and code available in the description. So what happened? On the morning of June 11, Twitter applied a revamp to the user interface of its web application Tweetdeck. Tweetdeck is a tool that allows you to easily manage Twitter accounts, offering several layouts and customization of multiple streams. A few hours after the release of the update, a self-retweeting tweet was posted. It retweeted itself through anyone using Tweetdeck who saw it. Booming…