Researcher Confirms XSS Vulnerability on TwitterAn XSS (cross-site scripting) security flaw has been demonstrated on Twitter - the micro-blogging website. If the security flaw is exploited, it can allow hackers compromise the accounts of Twitter users or disseminate malicious software. A security researcher from Indonesia, using the name "H4x0r-x0x" as well as using Twitter handle "Own3d_5ys," found the flaw. He demonstrated the flaw through his private Twitter account, as reported by SCMagazine on June 24, 2010. The flaw emanates from non-validation of input pertaining to the name field of software while allowing fresh requests for different Twitter programs. When a user accesses his Twitter account, two XSS alert windows surface following which there is manipulation of the browser and eventually the user steps into the matrix when e-mails arrive from the flaw's founder. Daniel Kennedy, partner at Praetorian Security Group, states that he hasn't seen attackers use the flaw, nonetheless that can obviously take a turn. In the meantime, it appears that the problem resembles the one James Slater (the software developer) described during August 2009. That problem was related to 'Twitter's API (Application Programming Interface), which developers utilized for making software to post messages on the site. Evidently, the API didn't accurately scan the programs' URL, so one could inject a malevolent JavaScript together with an URL. It has been observed that Twitter's XSS flaws have been effectively exploited for compromising accounts and for creating worms such as StalkDaily or Mikeyy. Account compromise following infection is possible if the user simply goes to a profile that contains a malevolent JavaScript. With this, a website virus can be created wholly self-propagating in nature as against some more recent phishing assaults that steal the credentials of a user through a false Twitter page. Meanwhile, the current XSS vulnerability in Twitter is possibly the first such dangerous one since 2010 started. The security investigators state that the micro-blogging site should fix it fast because the flaw has already become public as well as in existence for many days. Notably, an associate researcher has informed Twitter about the problem as well as to Director Del Harvey of the Trust and Safety Team of Twitter. Related article: Researchers Urge Caution against Phishing Scams ยป SPAMfighter News - 7/3/2010 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
