[cortesi]

I found vulnerabilities in two social gaming networks that let you take control of people's Facebook and Twitter accounts using _just_ the UDID. I never published the details of these vulnerabilities, but you can find an official acknowledgement from at least one of these companies (Chillingo of Angry Birds fame) in this WSJ piece:

http://blogs.wsj.com/digits/2011/09/19/privacy-risk-found-on...

[samfoo]

By "Take control of..." you mean "act with the permissions of the app", I assume? I can't see how Angry Birds the app would ever have full control over my Facebook account unless there's a catastrophic vuln. in the Facebook API.

[TylerE]

Angry Birds was made by Rovio, not Chillingo.

Chillingo is a publisher of 3rd rate knockoffs.

[cortesi]

Chillingo is the publisher of the original Angry Birds, and it's their social network (which is integrated with Angry Birds and therefore on millions of devices) that had the vulnerability.