Critical Cross-Site Scripting Vulnerability Hits Twitter

As far as security is concerned, Twitter has been having a bad time over the past few months. There have been innumerable incidents of Twitter malware and scripting vulnerabilities, besides the infamous TwitterGate incident. James Slater has uncovered another serious cross-site scripting vulnerability in Twitter which can allow hackers to gain control of your account just because you viewed their tweets.

You can find the details about the exploit here (or just watch the video embedded above). But in plain and simple terms, the problem is that Twitter allows developers utilising its API to put whatever they want in the application link (the link that automatically identifies your Twitter client). According to Slater, Twitter is aware of this exploit but is yet to fix the issue.
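The class of bug described above, shown as an added example that is not from the original post or from Twitter's code: a client link built from developer-supplied values, first concatenated into markup as-is and then rendered with URL scheme validation and HTML encoding. The field names `appName` and `appUrl` and all sample values are assumptions constructed for illustration.

```javascript
// Added example: render the "from <client>" link of a tweet from API-supplied fields.
// Field names (appName, appUrl) are assumptions, not Twitter's real schema.

// HTML-encode a value for use in element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Accept only absolute http(s) URLs; anything else (javascript:, data:, junk) is rejected.
function safeHttpUrl(raw) {
  try {
    const url = new URL(String(raw));
    return (url.protocol === "http:" || url.protocol === "https:") ? url.href : null;
  } catch {
    return null;
  }
}

// Vulnerable pattern: developer-supplied strings concatenated straight into markup.
function renderSourceUnsafe(app) {
  return 'from <a href="' + app.appUrl + '">' + app.appName + "</a>";
}

// Hardened: validate the URL scheme, then encode every value at the point of output.
function renderSourceSafe(app) {
  const name = escapeHtml(app.appName);
  const href = safeHttpUrl(app.appUrl);
  if (href === null) return "from " + name; // drop the link if the URL is not http(s)
  return 'from <a href="' + escapeHtml(href) + '" rel="nofollow">' + name + "</a>";
}

// Constructed sample registrations (not taken from the original report).
const samples = [
  { appName: "ExampleClient", appUrl: "https://client.example/" },
  { appName: "<b>Bold</b>", appUrl: 'https://client.example/"><script>alert(1)</script>' },
  { appName: "Click me", appUrl: "javascript:alert(1)" },
];

for (const app of samples) {
  console.log("unsafe:", renderSourceUnsafe(app));
  console.log("safe:  ", renderSourceSafe(app));
}
```

Encoding at the point of output matters even after the URL check, because the application name is free text and must never be treated as markup.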

This exploit is really scary, since viewing the malicious tweet is sufficient for the hacker to steal your login information. If you are not logged into Twitter, or are using a 3rd party Twitter client, you should be safe. Hence, till Twitter goes ahead and fixes this vulnerability, don’t tweet from Twitter’s web interface.

Published by

Pallab De

Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both Twitter (@indyan) and Facebook.