Featured Articles

Nvidia GTX 980 reviewed

Nvidia GTX 980 reviewed

Nvidia has released two new graphics cards based on its latest Maxwell GPU architecture. The Geforce GTX 970 and Geforce GTX…

More...
Nvidia adjusts GTX 980 and GTX 970 pricing

Nvidia adjusts GTX 980 and GTX 970 pricing

It appears that Nvidia has been feeling the pulse of the market and took some note from comments regarding the original…

More...
iPhone 6 and 6 Plus reviews are up and they are good

iPhone 6 and 6 Plus reviews are up and they are good

Apple is dancing the same dance year after year. It releases the iPhone and two days before they start shipping it…

More...
Amazon announces three new tablets

Amazon announces three new tablets

Amazon has just released three new tablets starting with the $99 priced 6-inch Kindle Fire HD6. This is a 6-inch tablet…

More...
PowerColor TurboDuo R9 285 reviewed

PowerColor TurboDuo R9 285 reviewed

Today we will take a look at the PowerColor TurboDuo Radeon R9 285. The card is based on AMD’s new…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Thursday, 12 June 2014 09:47

Twitter’s Tweetdeck has hole

Written by Nick Farrell

twitter logo

Tweets escape into wild

There is a XSS (cross-site scripting) vulnerability on Twitter's Tweetdeck which could lead the way for a rapidly spreading worm.

Michael Sutton, VP of security research, Zscaler said that the vulnerability, which was discovered last night could create something like the Mikeyy worm kicked off the trend back in 2009. All the twitter worms out there have relied on cross-site scripting (XSS) vulnerabilities, which Twitter has been fairly diligent about weeding out.

“This time the XSS bug wasn't on the twitter.com site, but limited to the web based version of TweetDeck, a popular front end that was acquired by Twitter back in 2011,” he said. While developers have become more aware of XSS and programming environments and browsers have introduced automated protection mechanisms, XSS remains the most common vulnerability seen in web apps, he added. “It remains a common flaw even on popular Internet properties as it can be challenging to properly validate all user supplied input, especially when trying to be flexible and allow users to post rich media content. In this case Twitter user @firoxl accidentally uncovered the flaw when looking for a way to post an emoticon and other quickly piled on, using the flaw to force automated retweets."

Tom Cross, director of security research, Lancope pointed out that XSS vulnerabilities are fairly common web application bugs that have been well understood by security professionals for a very long time. “Any organisation that runs a website should be testing their code for these vulnerabilities before they go into production. In this case, the consequence of the attack is mostly the ability to create annoying pop-ups that spread virally between users, but in other contexts XSS vulnerabilities can have more serious implications, which is why its important to check for them," he said.

Nick Farrell

E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments