XSS vulnerability in TweetDeck gets a fix

Twitter has patched a security flaw in TweetDeck, a cross-site scripting (XSS) vulnerability that allowed an attacker to remotely execute JavaScript code in other users' TweetDeck sessions.


And when the vulnerability came to light yesterday, it was certainly used, with many thousands of users being treated to comedy pop-up messages and forced retweets of the bug. Indeed, there were some 83,000 retweets of the script according to ZDNet, and it hit some pretty major Twitter accounts such as the New York Times and BBC Breaking News. At first it was thought that the vulnerability was confined to the TweetDeck Chrome plugin, but reports then came in of users being affected on IE, Firefox, and the Windows app as well.

Apparently, the hacker who discovered the flaw told CNN that he informed Twitter about it immediately. However, he also tweeted about his experiments with the bug; those tweets were seen by others, the news spread like wildfire, and many exploits followed before Twitter could take the service down.

Yesterday, on the TweetDeck account, Twitter initially informed users: "A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix."

However, it seems the fix didn't work – or folks didn't follow that advice – and the exploit continued to spread, which led to Twitter taking the service down for a while: "We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up."

An hour later, the social network tweeted: "We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience."


And this time, the flaw was patched up. While it was certainly an embarrassing and large-scale incident, by all accounts it doesn't seem like any real damage was done, and the exploits leveraged were apparently mostly harmless japes.
