Thursday, 12 June 2014 09:47

Twitter’s Tweetdeck has hole

Written by Nick Farrell


Tweets escape into wild

There is an XSS (cross-site scripting) vulnerability in Twitter's Tweetdeck which could pave the way for a rapidly spreading worm.

Michael Sutton, VP of security research at Zscaler, said that the vulnerability, which was discovered last night, could create something like the Mikeyy worm, which kicked off the trend back in 2009. All the Twitter worms out there have relied on cross-site scripting (XSS) vulnerabilities, which Twitter has been fairly diligent about weeding out.

“This time the XSS bug wasn't on the twitter.com site, but limited to the web-based version of TweetDeck, a popular front end that was acquired by Twitter back in 2011,” he said. While developers have become more aware of XSS and programming environments and browsers have introduced automated protection mechanisms, XSS remains the most common vulnerability seen in web apps, he added. “It remains a common flaw even on popular Internet properties as it can be challenging to properly validate all user-supplied input, especially when trying to be flexible and allow users to post rich media content. In this case Twitter user @firoxl accidentally uncovered the flaw when looking for a way to post an emoticon and others quickly piled on, using the flaw to force automated retweets.”

Tom Cross, director of security research at Lancope, pointed out that XSS vulnerabilities are fairly common web application bugs that have been well understood by security professionals for a very long time. “Any organisation that runs a website should be testing their code for these vulnerabilities before they go into production. In this case, the consequence of the attack is mostly the ability to create annoying pop-ups that spread virally between users, but in other contexts XSS vulnerabilities can have more serious implications, which is why it's important to check for them,” he said.

Nick Farrell
