The Register® — Biting the hand that feeds IT

Feeds

Month Of Twitter Bugs exposes microblogging flaws

Making a hashtag of Web 2.0 security

By John Leyden, 3rd July 2009
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

The Month Of Twitter Bugs has begun with the publication of a flaw in a URL shortening service often used in conjunction with the microblogging service.

Four cross-site scripting (XSS) vulnerabilities in the bit.ly URL-shrinking service were published on Wednesday. TweetDeck, one of the most popular Twitter clients, integrates bit.ly, making the flaws much more risky than might otherwise be the case.

Fortunately, three of the four bugs were fixed before an alert was published. The last flaw was addressed hours after the release of a notice via Twitpwn, the home page of the Month Of Twitter Bugs project.

On Thursday, the Twitpwn project published details of a resolved cross-site scripting flaw in HootSuite toolbox.

The Month of Bugs series was inaugurated three years ago with a four week period that offered a different browser bug every day. Originally, the brainchild of HD Moore, of Metasploit fame, noted researcher Aviv Raff is applying the idea to Twitter and associated service during July. He notes that the idea might just as easily be applied to any other Web 2.0 service.

Raff is calling on third-party application developers to work with Twitter in developing more secure tools. Several hacking attacks against Twitter have emerged over recent months, many related in one way or another to password security. Microbloggers are being urged to adopt more secure passwords in response to the heightened risk of hacking attacks against Twitter. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (3)
Latest Comments
Jason DePriest

@Tony Hoyle

"TweetDeck, one of the most popular Twitter clients, integrates bit.ly, making the flaws much more risky than might otherwise be the case."

"Twitter" for this "month of X bugs" is more than just the service itself, but includes the various common ways of interacting with the service.

0
0
Tony Hoyle

Huh?

How is a flaw in bit.ly a 'twitter bug'? URL shortening services existed before twitter and will exist afterwards.

0
0
Paul 37

Hacking Twitter ?

You mean people may be able to make self-absorbed comments and over-thought witty asides on my behalf without my say so ?

DAMN YOU ALL TO HELL !!!!!!!!!!

0
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Internet fraud still stings suckers
Australians twice as gullible as Americans
35