A cross-site scripting (XSS) vulnerability was to blame, researchers quickly said.

"This vulnerability very specifically renders a tweet as code in the browser, allowing various cross-site scripting (XSS) attacks to be run by simply viewing a tweet," said Trey Ford, a security strategist at Rapid7, in an email. "The current attack we're seeing is a 'worm' that self-replicates by creating malicious tweets."

The vulnerability primarily affected users who had installed the TweetDeck Web app designed for Google's Chrome browser, but there were scattered reports that the bug also impacted the Windows client application and the Web app for Firefox. Twitter itself, including its website-based feed and those it served to its own and third-party desktop and mobile clients, was unaffected.

Earlier Wednesday, TweetDeck urged users to log out of the service, then log back in, a process that was meant to clear users' sessions and thus prevent any additional malicious tweeting. Some who followed instructions, however, continued to see unauthorized tweets on their feeds.

Rapid7's Ford compared the TweetDeck problem to the "Samy" worm that crawled through MySpace nine years ago. Named for its maker, Samy Kamkar - who later pled guilty to hacking charges and served three years of probation - the worm exploited a cross-site scripting vulnerability in the then-popular MySpace social network. The worm automatically made friend requests to Kamkar, and spread when victims viewed their profiles.

"This worm does not appear to have the ability to force your account to follow the attacker," Ford asserted.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.

What's new in TweetDeck 3.0: Schedule Tweets with images. Create, organise and share a timeline of the Tweets you want using Collections. Redesigned with a new sidebar on the left for easy.