Twitter restores TweetDeck service after XSS worm floods victims’ feeds
Twitter took its browser-based TweetDeck service offline Wednesday as it wrestled with a vulnerability that criminals exploited to tweet script-filled messages to victims’ feeds.
“We’ve temporarily taken TweetDeck services down to assess today’s earlier security issue,” Twitter’s TweetDeck account reported at 1pm ET yesterday.
An hour later, the service was back up and running. “We’ve verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience,” TweetDeck said, again on Twitter, at 1:55pm ET.
A cross-site scripting (XSS) vulnerability was to blame, researchers quickly said.
The vulnerability primarily affected users who had installed the TweetDeck Web app designed for Google’s Chrome browser, but there were scattered reports that the bug also impacted the Windows client application and the Web app for Firefox.
Twitter itself, including its website-based feed and those it served to its own and third-party desktop and mobile clients, was unaffected.
Earlier Wednesday, TweetDeck urged users to log out of the service, then log back in, a process that was meant to clear users’ sessions and thus prevent any additional malicious tweeting. Some who followed the instructions, however, continued to see unauthorized tweets on their feeds.
Gregg Keizer, Computerworld