
TweetDeck has always had XSS vulnerability, Twitter finally noticed yesterday


Claiming TweetDeck was hacked yesterday is the wrong way to look at it. Being hacked means one person or a group of people managed to override whatever security a website or program has, in order to take information or change the way the program works for users.

This is not what happened to TweetDeck. The cross-site scripting (XSS) flaw was an error both TweetDeck and Google Chrome have had for quite a while, but it has never occurred on a big enough scale to be noticeable by TweetDeck users. This means that while the JavaScript vulnerability has now been patched, potential cases could have happened months before.

Hackers are capable of exploiting this flaw in the system to render things without the limit of 126 characters, which is all that Twitter allows. This is because hackers can literally write out code and it will run through the XSS vulnerability, instead of just becoming plain text that isn’t useful for anyone.
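The difference between tweet text that runs as code and tweet text that stays plain text comes down to output encoding. The sketch below is an added illustration, not code from TweetDeck or Twitter; the function names and the sample tweet are hypothetical and constructed for this example.

```javascript
// Added example: hypothetical function names, constructed sample data.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every HTML metacharacter so the browser treats the text as text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: tweet text is pasted into markup unchanged.
function renderTweetUnsafe(tweet) {
  return `<p class="tweet"><b>@${tweet.user}</b> ${tweet.text}</p>`;
}

// Hardened pattern: split into URL and non-URL pieces, escape every piece,
// and only turn http(s) URLs into links.
function renderTweetSafe(tweet) {
  const parts = String(tweet.text).split(/(https?:\/\/[^\s<>"']+)/);
  const body = parts.map((part, i) => {
    const safe = escapeHtml(part);
    // Odd indexes hold the URL pieces captured by split().
    return i % 2 === 1
      ? `<a href="${safe}" rel="noopener noreferrer">${safe}</a>`
      : safe;
  }).join('');
  return `<p class="tweet"><b>@${escapeHtml(tweet.user)}</b> ${body}</p>`;
}

// Review aid: does rendered output contain any element outside the allow-list?
function hasUnexpectedTags(html, allowed = ['p', 'b', 'a']) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowed.includes(t));
}

// Constructed sample tweet; the markup in it is inert on purpose.
const sample = {
  user: 'example_news',
  text: '<script>/* constructed sample */</script> see https://example.com/?a=1&b=2',
};

console.log(renderTweetUnsafe(sample)); // markup from the tweet survives as markup
console.log(renderTweetSafe(sample));   // the same text arrives as &lt;script&gt;...
```

The allow-list check is a test-suite aid for catching a renderer that forgets to encode; it does not replace the encoding itself.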

TweetDeck went down early yesterday morning after Twitter, the owner of the third-party service, started seeing big news accounts running on auto-pilot and retweeting a code tweet. The service was taken down for a good few hours before Twitter announced it had fixed the bug. This is the second time in TweetDeck’s history that an XSS vulnerability has hit.

The number of XSS vulnerabilities is falling as the Web becomes a safer place, where code cannot simply be written as text in a status or tweet and turned into a powerful way to access people’s computers. There are still slip-ups like TweetDeck’s yesterday, but on the whole programmers know how to properly defend against XSS now.

TweetDeck’s mobile applications were not harmed by the XSS issue, but Twitter is still advising people on any platform to log out and back into the service, in order to properly flush out any potential issues.
