People registered service during the rape came odd popups. Their systems also messages containing randomly scripts potentially malicious computer code re-tweeted.
When the site was taken down, TweetDeck Twitter: "We have temporarily taken TweetDeck services to assess safety issue before today We will update when the services are back up.."
A Twitter spokeswoman declined to comment.
The whole episode may have been inadvertently caused by an Austrian developer of 19 years. According to multiple sources, the girl, whose name is Florian, he realized that the use of "and hearts" makes a symbol "♥" in the HTML coding language used on the web.
He told CNN that as he was experiencing, he found that the heart symbol creates an opening in the software of the site. This in turn made it possible to inject script computer program through tweets.
Young alerted Twitter and published his findings online. Then others used it to hijack the site before Twitter programmers could solve the problem.
Florian Twitter account was quickly swamped by journalists and users of Twitter angry.
In response to requests for an interview, he said: ".. I do not want more publicity Everyone hates me because I reported a security-bug in TweetDeck Enough said."
Twitter programmers took several hours to plug the hole. Earlier in the day, Twitter launched a code solution that was supposed to close the security hole. But it did not work.
At that time, the company tweeted out, "a security issue that affected TweetDeck this morning has been fixed. Please log off and log back TweetDeck to fully implement the fix."
Less than an hour later, the site was down. He turned up mid-afternoon.
TweetDeck is a free download for desktops, iPhones, Google Android devices and Google Chrome browser. The software allows users to organize their Twitter streams and provides a more friendly view Twitter feeds.
"Tweetdeck seems to have jumped on this issue and patched, but we're still seeing that spread like wildfire through Twitter," said Trey Ford, a security expert at Rapid7, a security firm based in Boston.
"This vulnerability makes it very specifically a tweet as a code in the browser, which allows various sequences of cross-site scripting (XSS) that will run if only one tweet is queried.'s Current attack we are seeing is a" worm "that is creating self-replicating malicious tweets "he said.
It was initially reported that the vulnerability only affects desktop program and only when the application was run on the Google Chrome browser. However, users of other platforms, including Internet Explorer 9, are also reporting being attacked
According to the Verge website, users reported getting pop-up windows containing random messages like "Yo!" or "Please close TweetDeck now [sic], it is not safe."
TweetDeck Twitter bought in 2011 for about $ 40 million.
Launched in 2008, was the first third-party Twitter application to become popular among users of Twitter.
No comments:
Post a Comment