Critical Cross-Site Scripting Vulnerability Hits Twitter
By on August 27th, 2009

As far as security is concerned, Twitter has been having a bad time over the past few months. There have been innumerable incidents of Twitter malware and scripting vulnerabilities besides the infamous TwitterGate incident. James Slater has uncovered another serious Cross-Site Scripting Vulnerability in Twitter which can allow hackers to gain control of your account just for viewing their Tweets.

You can find the details about the exploit here (or just watch the video embedded above). But in plain and simple terms, the problem is that Twitter allows developers utilising their API to put whatever they want in the application link (the link automatically identifies your twitter client). According to Slater Twitter is aware of this exploit but is yet to fix the issue.

This exploit is really scary since viewing the malicious tweet is sufficient for the hacker to steal your login information. If you are not logged into Twitter you would be safe or using a 3rd party Twitter client you should be safe. Hence, till Twitter goes ahead and fixes this vulnerability don’t tweet from the Twitter’s web interface.

Tags: , ,
Author: Pallab De Google Profile for Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both twitter (@indyan) and facebook .

Pallab De has written and can be contacted at pallab@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN