Twitter AAAPI Bug to Open Access to Users' Messages

Due to glitch in Account Activity API, a copy of a private message was sent to a random recipient 
25 September 2018   622

On September 10, 2018, Twitter detected a bug in the Account Activity API (AAAPI) sending a copy of a private message to a random recipient. The company officially stated that the error affected less than 1% of users. The developers fixed the problem within a few hours of detection. Currently Twitter sends notification to potential victims and works to neutralize possible damage.

The Account Activity API is designed to communicate with developers on the Twitter platform. Using this interface, contractors can send private messages to each other. The detected error led to the fact that, at the confluence of certain circumstances, information and tweets of clients came to third-party destinations. A bug in the interface existed in May 2017 and could affect any interactions over the past 16 months.

Twitter states that only officially registered developers could receive random messages. Currently, there is correspondence with possible recipients. Representatives of the company promise to monitor the developers' compliance with their obligations and make sure that the information received is illegally received.

Problems of information leakage due to developer errors or hacker attacks regularly pop up in the IT field. In early September, 2018, Family Orbit, a company specializing in the hidden control of user actions, allowed a leakage of 281 gigabytes of data obtained during the surveillance process.

Bootstrap 3.4.0 to be Out

The project team is focused on developing Bootstrap 4.2, so the current version didn’t get as many changes
17 December 2018   97

Bootstrap 3.4 is out - a free framework for creating websites and web applications. The project team is focused on developing Bootstrap 4.2, so the current version didn’t get many changes. In particular, the documentation has been updated, the problem with the XSS vulnerability has been fixed, and the Algolia search function has been added.

New features in the tool:

  • The developers added a new class .row-no-gutters, the ability to search for documents through Algolia and the addition to .navbar-fixed- * when opening a pop-up notification.
  • An issue with vulnerability to XSS attacks in Alert, Carousel, Collapse, Dropdown, Modal and Tab components has been fixed.
  • The developers have removed the double frame in the <abbr> elements. In addition, they refused to support dragging and dropping from the customizer and creating in the Gist web customizer, since GitHub had long since disabled this feature.

What has changed in the documentation

  • Developers have added a drop-down menu for new and previous versions to the documentation navigation.
  • The library for copying text to the ZeroClipboard clipboard was replaced with clipboard.js, and the testing was transferred to BrowserStack.
  • Reorganized CSS v3 documentation to use Less.
  • baseurl replaced by/docs/3.4/.
  • Updating links will allow you to open them only via HTTPS and fix broken URLs.

A detailed description of all the features of Bootstrap 3.4.0 is available in the official documentation. To upgrade to Bootstrap 3.4.0 using the npm package manager, thenpm i bootstrap @ previous or npm i bootstrap@3.4.0 commands are provided. Upgrading to this version via Bower is not available.