Written by Steve Perry
Twitter's Two-Factor Authentication vulnerability
After recent reports of failures in Twitter's SMS Two-Factor Authentication functionality, a researcher discovered that texting "STOP" to Twitter's verification service disables the authentication functionality altogether.
The vulnerability, verified by Information Security Media Group, means that a malicious user could spoof an account's registered phone number to disable two-factor authentication, which may then open the account to further attacks and possibly a takeover.
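The design flaw described above, as an added example (not Twitter's code and not from the original article): a hypothetical inbound-SMS handler that lets STOP switch off two-factor authentication, beside one that treats STOP only as a delivery opt-out. All names (`Account`, `handle_sms_weak`, `handle_sms_hardened`, `disable_2fa`) and the sample phone number are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    phone: str
    two_factor_required: bool = True   # security setting
    sms_delivery: bool = True          # messaging preference
    audit: list = field(default_factory=list)

def is_stop(body: str) -> bool:
    return body.strip().upper() == "STOP"

def handle_sms_weak(accounts: dict, sender: str, body: str) -> None:
    """Behaviour the article describes: an SMS keyword changes a security setting.
    `sender` is only the claimed originating number, which the article notes
    could be spoofed, so it is not proof that the account owner sent it."""
    acct = accounts.get(sender)
    if acct and is_stop(body):
        acct.sms_delivery = False
        acct.two_factor_required = False   # flaw: factor removed with no authentication

def handle_sms_hardened(accounts: dict, sender: str, body: str) -> None:
    """STOP only ends SMS delivery. The account still demands a second factor,
    so the owner must use another method or re-enable SMS while signed in."""
    acct = accounts.get(sender)
    if acct and is_stop(body):
        acct.sms_delivery = False
        acct.audit.append("STOP received: SMS delivery off, 2FA requirement unchanged")

def disable_2fa(acct: Account, password_ok: bool, second_factor_ok: bool) -> bool:
    """Only an authenticated session that also passed the second factor may remove it."""
    if not (password_ok and second_factor_ok):
        acct.audit.append("2FA disable rejected: not fully authenticated")
        return False
    acct.two_factor_required = False
    acct.audit.append("2FA disabled from authenticated session")
    return True

def demo() -> tuple:
    number = "+15550100"  # constructed sample number
    weak = {number: Account(number)}
    hard = {number: Account(number)}
    handle_sms_weak(weak, number, " stop ")
    handle_sms_hardened(hard, number, " stop ")
    return weak[number].two_factor_required, hard[number].two_factor_required

if __name__ == "__main__":
    print(demo())
```

The audit entries give a monitoring team something to alert on: a STOP keyword followed shortly by a login attempt on the same account is worth reviewing.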
Source: Schneier on Security.