Twitter jumps to block XSS worm in Tweetdeck

Status
Not open for further replies.

Jack

Administrator
Thread author
The Twitters were a twitting this morning over a newly discovered cross-site scripting (XSS) flaw in the popular Tweetdeck software owned by Twitter itself.

What is cross-site scripting? Often abbreviated XSS, it is a flaw in a website that allows for the injection of client-side script code by unauthorized users.

In this example it meant that Twitter users could inject script code into a tweet that would take advantage of the Tweetdeck bug and execute code inside the browser of Tweetdeck users.

After the discovery of this bug, most tweets were harmlessly popping up alert messages in Tweetdeck users' browsers as our former colleague Graham Cluley showed in his blog this morning.

Taking a quick look at Twitter shows lots of attempts to exploit this flaw still flying around, although Twitter has now patched the flaw.

People have suggested this was not malicious, but I disagree. Creating a network worm, even if only being used to spread a warning message, is still malicious activity no matter how you cut it.

Read more: http://nakedsecurity.sophos.com/2014/06/11/twitter-jumps-to-block-xss-worm-in-tweetdeck/
 