While experimenting with a few tricks by sending HTML code to Twitter via TweetDeck, an Austrian computer science student accidentally discovered an XSS (Cross-Site Scripting) vulnerability in the software.
Florian, whose Twitter handle is @Firoxl, discovered the flaw while trying to display a little heart at the end of a tweet through TweetDeck. In the same way, other scripts could be used by malicious hackers to compromise Twitter users, eventually causing them to lose control over their systems.
Even though he immediately contacted the Twitter team, some hackers exploited the flaw to become a nuisance for other users. According to reports, the flaw caused no severe damage, but Twitter got a little obnoxious, with crazy, long messages being retweeted almost a thousand times. One of the tweets stated, “LOL I SHOULD RULE THE WORLD”.
Trey Ford of Rapid7 said, “This vulnerability very specifically renders a tweet as code in the browser, allowing various cross-site scripting attacks to be run simply by viewing a tweet. The current attack we’re seeing is a worm that self-replicates by creating malicious tweets.”
“This vulnerability very specifically renders a tweet as code in the browser, allowing various XSS attacks to be run by simply viewing a tweet. The current attack we’re seeing is a ‘worm’ that self-replicates by creating malicious tweets. It looks like this primarily affects users of the Tweetdeck plugin for Google Chrome. The guidance from Tweetdeck is simple and correct – log out, and log back in,” he added.
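The root cause Ford describes is a tweet body being handed to the browser as markup instead of as text. The following is an added illustration, not TweetDeck's code: it contrasts a render function that interpolates the tweet straight into HTML (the pattern behind this class of bug) with one that escapes every user-controlled field first, and includes a small check that a test suite can run over rendered output. The tweets, the `renderTweet*` function names and the `containsForeignMarkup` check are all constructed for this example; it runs in Node without a DOM, which is why the functions return markup strings rather than touching `innerHTML` directly.

```javascript
// Added example (not TweetDeck's own code): rendering a tweet body as raw
// HTML versus rendering it as escaped text. Runs under Node; no DOM needed.

// Characters that carry meaning in HTML text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape user-controlled text so the browser displays it literally.
// Note that '&' is escaped too: an entity such as "&hearts;" in a tweet
// is shown as the typed characters, not decoded into a heart glyph.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The unsafe pattern: the tweet body goes straight into the markup
// (equivalent to `element.innerHTML = ...`). Any tag inside the tweet
// becomes live DOM in the reader's browser, which is what makes a
// self-replicating tweet possible.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><span class="author">@${tweet.author}</span> ${tweet.text}</div>`;
}

// The hardened pattern: every user-controlled field is escaped, so markup
// in the tweet is displayed as text and never parsed. Using
// `element.textContent` in a real page achieves the same thing.
function renderTweetSafe(tweet) {
  return `<div class="tweet"><span class="author">@${escapeHtml(tweet.author)}</span> ${escapeHtml(tweet.text)}</div>`;
}

// A check for tests or review: does the rendered output contain any tag
// other than the ones the template itself emits? Only a literal '<' starts
// a tag, so escaped content ("&lt;script&gt;") is not counted.
function containsForeignMarkup(html, allowedTags = ['div', 'span']) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowedTags.includes(t));
}

// Constructed sample tweets (not real tweets from the incident).
const heartTweet = { author: 'example_user', text: 'hello &hearts;' };
const markupTweet = { author: 'example_user', text: 'hi <script>alert(1)</script>' };

console.log('unsafe :', renderTweetUnsafe(markupTweet));
console.log('safe   :', renderTweetSafe(markupTweet));
console.log('unsafe output has foreign markup:', containsForeignMarkup(renderTweetUnsafe(markupTweet)));
console.log('safe output has foreign markup  :', containsForeignMarkup(renderTweetSafe(markupTweet)));
console.log('heart tweet, safe render        :', renderTweetSafe(heartTweet));
```

The heart tweet shows why Florian's experiment exposed the bug: if the entity was decoded into a glyph, the text was being parsed as HTML, and the same parser would have accepted a script tag. Escaping on output (or using `textContent`) is the fix; a Content Security Policy that disallows inline scripts is the usual second layer.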
No one could have imagined that a simple piece of software for sending tweets would end up with flaws like these, and a recent report alerted us that other hackers are trying to find new flaws in TweetDeck.
The only way to stay safe for now is to log out and log back in every time you use TweetDeck.