Featured Articles

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC: Volume production of 16nm FinFET in 2H 2015

TSMC has announced that it will begin volume production of 16nm FinFET products in the second half of 2015, in late…

More...
AMD misses earnings targets, announces layoffs

AMD misses earnings targets, announces layoffs

AMD has missed earnings targets and is planning a substantial job cuts. The company reported quarterly earnings yesterday and the street is…

More...
Did Google botch the Nexus 6 and Nexus 9?

Did Google botch the Nexus 6 and Nexus 9?

As expected, Google has finally released the eagerly awaited Nexus 6 phablet and its first 64-bit device, the Nexus 9 tablet.

More...
Gainward GTX 970 Phantom previewed

Gainward GTX 970 Phantom previewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
EVGA GTX 970 SC ACX 2.0 reviewed

EVGA GTX 970 SC ACX 2.0 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Thursday, 12 June 2014 09:47

Twitter’s Tweetdeck has hole

Written by Nick Farrell

twitter logo

Tweets escape into wild

There is a XSS (cross-site scripting) vulnerability on Twitter's Tweetdeck which could lead the way for a rapidly spreading worm.

Michael Sutton, VP of security research, Zscaler said that the vulnerability, which was discovered last night could create something like the Mikeyy worm kicked off the trend back in 2009. All the twitter worms out there have relied on cross-site scripting (XSS) vulnerabilities, which Twitter has been fairly diligent about weeding out.

“This time the XSS bug wasn't on the twitter.com site, but limited to the web based version of TweetDeck, a popular front end that was acquired by Twitter back in 2011,” he said. While developers have become more aware of XSS and programming environments and browsers have introduced automated protection mechanisms, XSS remains the most common vulnerability seen in web apps, he added. “It remains a common flaw even on popular Internet properties as it can be challenging to properly validate all user supplied input, especially when trying to be flexible and allow users to post rich media content. In this case Twitter user @firoxl accidentally uncovered the flaw when looking for a way to post an emoticon and other quickly piled on, using the flaw to force automated retweets."

Tom Cross, director of security research, Lancope pointed out that XSS vulnerabilities are fairly common web application bugs that have been well understood by security professionals for a very long time. “Any organisation that runs a website should be testing their code for these vulnerabilities before they go into production. In this case, the consequence of the attack is mostly the ability to create annoying pop-ups that spread virally between users, but in other contexts XSS vulnerabilities can have more serious implications, which is why its important to check for them," he said.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments