Featured Articles

AMD sheds light on stacked DRAM APUs

AMD sheds light on stacked DRAM APUs

AMD is fast tracking stacked DRAM deployment and a new presentation leaked by the company  points to APUs with stacked DRAM,…

More...
Nvidia officially launches the 8-inch Shield Tablet

Nvidia officially launches the 8-inch Shield Tablet

As expected and reported earlier, Nvidia has now officially announced its newest Shield device, the new 8-inch Shield Tablet. While the…

More...
Intel launches new mobile Haswell and Bay Trail parts

Intel launches new mobile Haswell and Bay Trail parts

Intel has introduced seven new Haswell mobile parts and four Bay Trail SoC chips, but most of them are merely clock…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
AMD A8-7600 Kaveri APU reviewed

AMD A8-7600 Kaveri APU reviewed

Today we'll take a closer look at AMD's A8-7600 APU Kaveri APU, more specifically we'll examine the GPU performance you can…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Thursday, 12 June 2014 09:47

Twitter’s Tweetdeck has hole

Written by Nick Farrell

twitter logo

Tweets escape into wild

There is a XSS (cross-site scripting) vulnerability on Twitter's Tweetdeck which could lead the way for a rapidly spreading worm.

Michael Sutton, VP of security research, Zscaler said that the vulnerability, which was discovered last night could create something like the Mikeyy worm kicked off the trend back in 2009. All the twitter worms out there have relied on cross-site scripting (XSS) vulnerabilities, which Twitter has been fairly diligent about weeding out.

“This time the XSS bug wasn't on the twitter.com site, but limited to the web based version of TweetDeck, a popular front end that was acquired by Twitter back in 2011,” he said. While developers have become more aware of XSS and programming environments and browsers have introduced automated protection mechanisms, XSS remains the most common vulnerability seen in web apps, he added. “It remains a common flaw even on popular Internet properties as it can be challenging to properly validate all user supplied input, especially when trying to be flexible and allow users to post rich media content. In this case Twitter user @firoxl accidentally uncovered the flaw when looking for a way to post an emoticon and other quickly piled on, using the flaw to force automated retweets."

Tom Cross, director of security research, Lancope pointed out that XSS vulnerabilities are fairly common web application bugs that have been well understood by security professionals for a very long time. “Any organisation that runs a website should be testing their code for these vulnerabilities before they go into production. In this case, the consequence of the attack is mostly the ability to create annoying pop-ups that spread virally between users, but in other contexts XSS vulnerabilities can have more serious implications, which is why its important to check for them," he said.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments