Twitter's Two-Factor Authentication vulnerability
After recent reports of failures in Twitter's SMS Two-Factor Authentication functionality, a researcher discovered that texting "STOP" to Twitter's verification service disables the authentication functionality altogether.
The vulnerability, verified by Information Security Media Group, means that a malicious user could spoof an account's registered phone number to disable two-factor authentication, which may then open up the account to further attacks and possibly a take-over.
Source: Schneier on Security.
Written by Steve Perry