Tweetdeck 'hack': rudimentary, but still widely shared

By Computing Staff
12 Jun 2014

The cross-site scripting (XSS) vulnerability in Twitter's Tweetdeck plugin may have been rudimentary, but it still led to posts being auto-retweeted by tens of thousands of Twitter users yesterday.

These included accounts used by the BBC, Labour leader Ed Miliband, and a senior White House official, according to several reports.

Twitter was forced to suspend Tweetdeck, the browser plugin which collates feeds from multiple sources, while it tried to patch the problem.

XSS vulnerabilities are dangerous because they are easily shared and can run scripts on users' devices. Such a script may, for example, send data from a remote user's browser to a hacker.

The weakness was reported yesterday by teenaged Austrian programmer 'Florian', who discovered that the plugin executed a snippet of HTML as code instead of displaying it as plain text.

He told The Telegraph: "I was shocked when I saw the script got executed. This is a mistake no web developer should make."
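
The class of mistake described above, tweet text treated as markup rather than plain text, is shown here as an added example beside its fix; it is not Tweetdeck's code. The function names, the template, and the sample tweet are all constructed for illustration.

```javascript
// Added example: renderTweetUnsafe, renderTweetSafe, escapeHtml and
// unexpectedTags are hypothetical names. The sample tweet is constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every character that has meaning in HTML with its entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: untrusted tweet text is concatenated into markup,
// so any tags it contains become part of the page.
function renderTweetUnsafe(tweet) {
  return '<div class="tweet"><span class="author">@' + tweet.author +
         '</span><p>' + tweet.text + '</p></div>';
}

// Hardened pattern: every untrusted field is escaped for the HTML context,
// so the browser displays it as plain text.
function renderTweetSafe(tweet) {
  return '<div class="tweet"><span class="author">@' + escapeHtml(tweet.author) +
         '</span><p>' + escapeHtml(tweet.text) + '</p></div>';
}

// Review aid: list element names in rendered markup that the template
// itself never emits, i.e. tags that can only have come from tweet data.
function unexpectedTags(html, allowed = ['div', 'span', 'p']) {
  const found = new Set();
  for (const m of html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.includes(name)) found.add(name);
  }
  return [...found].sort();
}

// Constructed sample: a tweet whose text contains markup.
const sample = { author: 'example', text: 'I <3 <script>alert("hi")</script> & co' };

console.log(unexpectedTags(renderTweetUnsafe(sample)));
console.log(unexpectedTags(renderTweetSafe(sample)));
console.log(renderTweetSafe(sample));
```

In a browser, assigning the text through `textContent` rather than building an HTML string achieves the same result without a hand-written escaper.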

