Critical Cross-Site Scripting Vulnerability Hits Twitter

by Pallab
Thursday, 27th Aug 2009



As far as security is concerned, Twitter has been having a bad time over the past few months. Besides the infamous TwitterGate incident, there have been innumerable incidents of Twitter malware and scripting vulnerabilities. James Slater has uncovered another serious cross-site scripting (XSS) vulnerability in Twitter, which can allow hackers to gain control of your account just by your viewing their tweets.

You can find the details about the exploit here (or just watch the video embedded above). But in plain and simple terms, the problem is that Twitter allows developers utilising its API to put whatever they want in the application link (the link that automatically identifies your Twitter client). According to Slater, Twitter is aware of this exploit but is yet to fix the issue.

This exploit is really scary, since viewing the malicious tweet is sufficient for the hacker to steal your login information. If you are not logged into Twitter, or are using a 3rd-party Twitter client, you should be safe. Hence, until Twitter fixes this vulnerability, don’t tweet from Twitter’s web interface.
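The application-link problem described above comes down to developer-supplied values reaching the page unencoded. As an added example (not Twitter's code and not taken from Slater's write-up), the sketch below renders a client name and URL first as-is and then with scheme validation and HTML output encoding; the `name`/`url` fields, the function names and the sample registrations are assumptions constructed for illustration.

```javascript
// Added example: not Twitter's code. Field and function names are hypothetical.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept only absolute http(s) URLs; anything else yields null.
function safeHttpUrl(value) {
  try {
    const u = new URL(String(value));
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (err) {
    return null;
  }
}

// Weak form: developer-supplied values are pasted into the markup as-is.
function renderSourceUnsafe(app) {
  return 'from <a href="' + app.url + '">' + app.name + '</a>';
}

// Hardened form: validate the URL scheme, then encode both values on output.
function renderSourceSafe(app) {
  const name = escapeHtml(app.name);
  const href = safeHttpUrl(app.url);
  if (href === null) return 'from ' + name; // drop the link, keep the label
  return 'from <a href="' + escapeHtml(href) + '" rel="nofollow noopener">' + name + '</a>';
}

// Constructed sample registrations (not taken from the reported exploit).
const samples = [
  { name: 'ExampleClient', url: 'https://client.example/' },
  { name: 'Demo<b>Client</b>', url: 'https://client.example/" title="x' },
  { name: 'OddScheme', url: 'javascript:void(0)' },
];

for (const app of samples) {
  console.log('unsafe:', renderSourceUnsafe(app));
  console.log('safe:  ', renderSourceSafe(app));
}
```

In the hardened form the second sample's markup characters appear as literal text and its stray quote cannot close the `href` attribute, while the third sample is shown as a plain label with no link.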


