While experimenting with a few tricks by sending HTML code to Twitter via TweetDeck, an Austrian computer science major accidentally discovered an XSS (cross-site scripting) vulnerability in the software.

Florian, whose Twitter handle is @Firoxl, discovered the flaw while trying to display a little heart at the end of a tweet through TweetDeck. In a similar way, malicious hackers can use other scripts to compromise the integrity of users on Twitter, which can eventually lead to them losing control over their systems.

Even though he immediately contacted the Twitter team, some hackers exploited the flaw to become a nuisance for other users. According to reports, the flaw caused no severe damage, but Twitter got a little obnoxious, with crazy and long messages being retweeted almost a thousand times. One of the tweets stated, “LOL I SHOULD RULE THE WORLD”.

Trey Ford of Rapid7 said, “This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting attacks to be run simply by viewing a tweet. The current attack we’re seeing is a worm that self-replicates by creating malicious tweets.”

“It looks like this primarily affects users of the Tweetdeck plugin for Google Chrome. The guidance from Tweetdeck is simple and correct – log out, and log back in,” he added.
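The failure Ford describes, tweet text being treated as markup, and the output encoding that prevents it, shown as an added example. This is not TweetDeck's code; the function names and the sample tweet are constructed for illustration.

```javascript
// Added illustration: names and sample data are constructed, not TweetDeck code.

// The five characters that let text break out of HTML text or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: tweet text is concatenated into markup, so any tag
// inside the tweet becomes part of the page once the string is parsed as HTML.
function renderTweetUnsafe(tweet) {
  return '<div class="tweet"><span class="user">@' + tweet.user + '</span> ' +
         tweet.text + '</div>';
}

// Hardened pattern: escape every untrusted field first, then layer the
// client's own markup (links) on top of the already-escaped text.
// Only http(s) URLs are linkified, so no other URL scheme reaches href.
function renderTweetSafe(tweet) {
  const user = escapeHtml(tweet.user);
  const text = escapeHtml(tweet.text).replace(
    /\bhttps?:\/\/[^\s<>"']+/g,
    (url) => '<a href="' + url + '" rel="noopener noreferrer">' + url + '</a>'
  );
  return '<div class="tweet"><span class="user">@' + user + '</span> ' + text + '</div>';
}

// Constructed sample: a tweet whose author typed markup and an HTML entity.
const SAMPLE_TWEET = {
  user: 'example_user',
  text: 'I <b>love</b> this &hearts; https://example.com/?a=1&b=2',
};

function demo() {
  return { unsafe: renderTweetUnsafe(SAMPLE_TWEET), safe: renderTweetSafe(SAMPLE_TWEET) };
}

console.log(demo().unsafe); // the <b> tag and &hearts; would be interpreted
console.log(demo().safe);   // the same characters are shown literally
```

In a browser, assigning untrusted text through `textContent` instead of `innerHTML` avoids HTML parsing altogether; escaping is needed when a string of markup has to be built.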

No one could have imagined that simple software for sending out tweets could end up with flaws like these, and in a recent report we were alerted to other hackers trying to find new flaws in TweetDeck.

The only possible way to stay safe now is to log out and log in every time you use TweetDeck.

About The Author

Abby is a fun-loving yet serious professional, born and raised in Sioux Falls, SD. She has a great passion for journalism. Her family includes her husband, two kids, two dogs and herself. She earned her degree in Mass Communication from Augustana College. She is currently employed at TheWestsideStory.net, an online news media company located in Sioux Falls, SD.

9 Responses

  1. pedant

    was this story translated from some other language? “While experimenting a few tricks on by… ” “…some of the hackers exploited to be an nuisance for other users. …”

  8. Name

    That makes sense, I don’t think they have computers in the bush.
