Persistent XSS Flaw Harms Twitter
According to a software developer, an XSS (cross-site scripting) flaw affecting the security of Twitter continues to exist even as the micro-blogging service tries to develop a patch.
The researcher states that the flaw allows an attacker to steal session cookies, infect Twitter's visitors with malicious software, or create a virus that could damage the site. Moreover, the vulnerability could let a hacker fully compromise a victim's Twitter account.
Although the software maker claims that Twitter has a fix to address a serious XSS flaw, the fix holds little meaning as users continue to be susceptible to account-compromising attacks.
Slater blamed Twitter for blindly trusting external data when developing Web programs, with its forms doing extremely limited or no checking of the data entered into them.
The blogger, who made his post on August 25, 2009, stated that although Twitter maintained it had resolved the issue, the related patch hardly proved effective.
Meanwhile, the flaw is the most recent issue to point out weaknesses in the social-networking site used by innumerable subscribers daily. At present, hackers are cashing in on an Application Programming Interface (API) that provides a simple method for users to develop their own programs that read and send tweets over Twitter.
Furthermore, in August 2009, Search Engine Optimization experts disclosed one such blackhat hacker technique, which was employed to raise the rank of a website by obtaining a Twitter "link."
» SPAMfighter News - 17-09-2009