
Tweetdeck has an XSS flaw. Here’s what you should do right now

Graham Cluley | June 11, 2014

 

A potentially serious security flaw has been found in Tweetdeck, a popular Twitter client.

At the time of writing the cross-site scripting (XSS) flaw doesn’t appear to have been exploited maliciously.

But that doesn’t mean you should rest on your laurels – after all, information about how to exploit the flaw is out there, and it is easy to imagine how someone could take advantage of it with malicious purposes.

 

XSS in Tweetdeck


 

Full Article

Sr. Community Leader


TROUBLE IN THE BABBLECHANNEL: TweetDeck XSSed

A bit more information.

 

Log out, revoke permissions, microwave your boxen - you know the drills

By Jack Clark,

Multiple users – including El Reg's HQ in London, England – reported on Wednesday that they had seen a suspicious pop-up within Tweetdeck that said “XSS in Tweetdeck”.

 

This exploit was able to execute arbitrary JavaScript in the user's browser – this is very bad as it means a hacker could potentially exploit the flaw to hijack an account, redirect the browser page to somewhere nasty, unleash eldritch digital horrors (and, yes, open pop-ups).

 

Sr. Community Leader


Re: TROUBLE IN THE BABBLECHANNEL: TweetDeck XSSed

Thanks for posting this story, Jasper! As a Tweetdeck user, I'm glad I haven't logged in today.

 

In addition to the stories you posted, SC Magazine UK posted some good coverage of the story, with quotes from Webroot's very own Director of Product Marketing, George Anderson. Here's what he said in an email to SC Magazine (you can find the full story here): 

 

"As Tweetdeck is a web app, signing out might help to contain the infection, as long as users' devices are not already infected. Because XSS steals the cookie sign-on information, users should get rid of all saved passwords, as well as sign in again on a secure browser session and change their logins. It's also best not to use Tweetdeck as long as it remains infected."

 

Update: ABC is reporting that Twitter has patched the Tweetdeck vulnerability as of a few hours ago. You can read that report here

 


 

(Source: SC Magazine UK) 

--Yegor P--
Social Media Content Coordinator


Powerful worm on Twitter unleashes torrent of out-of-control tweets

The story from ars technica with some figures.

 

by Dan Goodin - June 11 2014

 

Running TweetDeck? It may have been hijacked by tweets containing attack code.


 

Twitter on Wednesday was briefly overrun by a powerful computer worm that caused tens of thousands of users to tweet a message that contained self-propagating code exploiting a bug in the TweetDeck app.

Within a few hours, the cross-site scripting (XSS) attack caused at least 37,000 84,700 users to retweet a single message originally transmitted by the user @derGeruhn. The body of the message contained JavaScript commands that caused anyone viewing it in TweetDeck to automatically retweet it. The message spread virally. The more times it was retweeted, the more times it was viewed and retweeted by other people using the vulnerable app. The BBC News Twitter account alone pushed the message to 10.1 million followers.

 

Full Article
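
The articles quoted above describe script carried in a tweet body executing when a client displays it. The following added example (not from the original posts, and not TweetDeck's code) contrasts a renderer that concatenates tweet text into markup with one that escapes every piece and generates the only markup, links, itself. All function names and the sample tweet are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical tweet renderer, not TweetDeck's code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: the tweet body is concatenated into markup unescaped,
// so any tags inside the tweet become part of the page.
function renderTweetUnsafe(tweet) {
  return '<p class="tweet">' + tweet.text + '</p>';
}

// Hardened pattern: split the raw text into URL and non-URL pieces, escape
// every piece, and let only the renderer emit markup (the link element).
function renderTweetSafe(tweet) {
  const parts = String(tweet.text).split(/(https?:\/\/[^\s<>"']+)/g);
  const html = parts.map((part, i) => {
    const safe = escapeHtml(part);
    // Odd indexes hold the captured http(s) URLs; the rest is plain text.
    return i % 2 === 1
      ? `<a href="${safe}" rel="noopener noreferrer">${safe}</a>`
      : safe;
  }).join('');
  return '<p class="tweet">' + html + '</p>';
}

// Regression check: after removing the tags the renderer itself creates,
// is any other tag left in the output?
function containsForeignTag(html) {
  const stripped = html
    .replace(/<\/?p( class="tweet")?>/g, '')
    .replace(/<a href="[^"<>]*" rel="noopener noreferrer">|<\/a>/g, '');
  return /<[a-zA-Z\/!]/.test(stripped);
}

// Constructed sample input: a harmless marker script and one link.
const sampleTweet = {
  text: 'hello <script>window.marker = 1</script> see https://example.com/a?b=1&c=2',
};
```
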

 

 

 
