SMS Vulnerability in Twitter, Facebook, and Venmo

42 points by Titanous over 12 years ago

7 comments

badclient over 12 years ago
> Right now, most people use Tent to share short 256 character long status posts with friends. Many independent developers are building other apps that use the Tent protocol.
The author should disclose if his start-up potentially competes with Twitter.
adrianpike over 12 years ago
You can spoof sender information even when you're running through a shortcode gateway, so short of requiring some sort of authentication on every transaction, there's no real way around this.
Just like email, you should never trust the remote identity.
kashiparekh over 12 years ago
Almost two years ago: http://www.ahmedabadmirror.com/article/3/20101125201011250211352165d14fe53/Who-updated-your-Facebook-status.html
sgtpepper over 12 years ago
I thought this sounded familiar:
http://www.oreillynet.com/onlamp/blog/2007/04/twitter_and_jott_vulnerable_to.html
http://voices.washingtonpost.com/securityfix/2009/03/twitter_security_h.html
snoble over 12 years ago
best and scariest quote of the post
> Twitter has a PIN code feature that requires every message to be prepended with a four-digit alphanumeric code. This feature mitigates the issue, but is not available to users inside the United States.
So they fixed the problem... but are withholding the fix from tons of users?
josh2600 over 12 years ago
You can spoof outbound numbers for voice or sms.
As I've said previously, phone number is not identity and confusing the two is foolish.
WhatsApp uses your phone number as the username and your IMEI backwards as the password, so I'd say they're a tad more insecure than even these folks.
badclient over 12 years ago
Twitter has a huge engineering department. I just don't know what they do.