Slack bug paved the way for a hack that can steal user access


One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick users into handing over access to their accounts.

Bug bounty hunter Frans Rosen noticed he could steal Slack access tokens to user accounts due to a flaw in the way the application communicates data in an internet browser.

“Slack missed an important step when using a technology called postMessage,” Rosen said on Wednesday in an email.  

postMessage is a browser API that lets separate browser windows communicate with each other. In Slack, it’s used whenever the chat application opens a new window to enable a voice call.
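The article does not say which step Slack missed. As an added example (not from the article and not Slack's code), the sketch below contrasts a postMessage receiver that trusts every message with one that checks the sender's origin and the payload, plus a sender that names its recipient; the origin `https://chat.example.com`, the `call-control` message shape and all function names are assumptions.

```javascript
// Added illustration: origin, message shape and function names are hypothetical.
const APP_ORIGIN = "https://chat.example.com";
const ALLOWED_ACTIONS = new Set(["mute", "unmute", "hangup"]);

// Weak receiver: applies whatever arrives, from any window on any site.
function weakReceiver(event, call) {
  call.lastAction = event.data.action;
  return true;
}

// Hardened receiver: exact-match the sender's origin, then validate the payload.
function hardenedReceiver(event, call) {
  if (event.origin !== APP_ORIGIN) return false; // no startsWith/includes tests
  const msg = event.data;
  if (typeof msg !== "object" || msg === null) return false;
  if (msg.type !== "call-control" || !ALLOWED_ACTIONS.has(msg.action)) return false;
  call.lastAction = msg.action;
  return true;
}

// Sender: name the intended recipient origin instead of "*", so the browser
// drops the message if the target window has navigated elsewhere.
function sendControl(targetWindow, action) {
  targetWindow.postMessage({ type: "call-control", action }, APP_ORIGIN);
}

// Constructed sample events, shaped like browser MessageEvent objects.
const SAMPLE_EVENTS = [
  { origin: "https://chat.example.com", data: { type: "call-control", action: "mute" } },
  { origin: "https://chat.example.com.other.test", data: { type: "call-control", action: "hangup" } },
  { origin: "https://chat.example.com", data: { type: "call-control", action: "export" } },
];

// Run every sample through a receiver and report which ones it accepted.
function replay(receiver) {
  const call = { lastAction: null };
  const accepted = SAMPLE_EVENTS.map((ev) => receiver(ev, call));
  return { accepted, lastAction: call.lastAction };
}

// In a browser the receiver is attached like this (skipped under Node).
if (typeof window !== "undefined") {
  const call = { lastAction: null };
  window.addEventListener("message", (ev) => hardenedReceiver(ev, call));
}
```

The second sample uses a look-alike origin that a prefix or substring comparison would accept, which is why the hardened receiver compares the full origin string.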
