Twitter’s Newest XSS Bug

Sometimes, even when you mean well, good things do not always come of your actions. You can see this happen all the time, and it is especially true in the computer world. Someone adds a new feature to an already stable program, and somehow that new feature breaks the original program. Now everyone is mad at them and they have to start all over again. That is why some developers are very slow to add new features to very successful products: they do not want to tempt fate and have everything go wrong on them.


This exact line of thinking seems to be what happened to Twitter lately. If you have spent any amount of time in the Twitter universe, then you know there are various ways to access the service. You can go to the web site, or you can use one of the many third-party apps that are available. Even with a third-party app you have full access to the site, just as you would when you visit

Just recently, Twitter bought one of the most popular third party clients called Tweetdeck. So many people loved using Tweetdeck, myself included, that Twitter decided to purchase it and make it their main client for people to use.


Usually, when a company buys an already existing product it does one of two things: either it shuts the product down and brings the people who made it in house, or it keeps the product running and changes very little about it. Twitter did neither. They took the product and added features to it. One of these features is the ability to use Tweetdeck on the web: the same advantages you had in the desktop client, you now have on the web site. But this is where the problems began.

Users of the new web site version of Tweetdeck found that it had a big security flaw: a cross-site scripting (XSS) hole that was ready to be discovered and exploited by any black hat hacker. An XSS flaw exists when a web site lets script that did not come from the site itself, typically supplied by an attacker, run in the user's browser as if it were part of the site. This means that a black hat hacker could run code of their choosing in your browser simply because you visited a page with an XSS flaw. And the online version of Tweetdeck definitely had one.
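The kind of mistake behind a flaw like this, and its fix, as an added example that is not code from the original post or from Twitter or Tweetdeck: the hypothetical `renderTweetUnsafe` helper drops tweet text straight into the page's markup, so any HTML in the tweet becomes live, while `renderTweet` escapes the text first so it is only ever displayed.

```javascript
// Added example (not from the original post). A browser-based client such as
// web Tweetdeck builds HTML for each tweet it shows; these hypothetical helpers
// contrast the unsafe and safe ways of doing that.

// Escape the five characters that let untrusted text break out of an HTML
// text node or attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe version: concatenates tweet fields directly into markup, so a tweet
// that contains a <script> tag is inserted as a real script element.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><b>@${tweet.user}</b> ${tweet.text}</div>`;
}

// Safe version: every untrusted field is escaped before it touches markup,
// so the same tweet is rendered as visible text rather than executed.
function renderTweet(tweet) {
  return `<div class="tweet"><b>@${escapeHtml(tweet.user)}</b> ${escapeHtml(tweet.text)}</div>`;
}

// Constructed sample tweet carrying a script tag (not a real tweet).
const sampleTweet = { user: 'someone', text: '<script>alert(1)</script>' };

console.log(renderTweetUnsafe(sampleTweet)); // script tag survives intact
console.log(renderTweet(sampleTweet));       // rendered as harmless text
```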

Since I began writing this post, it would appear Twitter may have already fixed this problem, but it should still serve as a reminder to always be careful!

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
