Popular Twitter client, TweetDeck, had a short bout of drama while Malaysians were asleep. A vulnerability in the cross site scripting (XSS) cause thousands of users to unwittingly retweet the same message. While the message did not contain any malicious code, it did spread across the internet very quickly causing some 84,700 users to automatically retweet it before Twitter shutdown the client.
Fortunately, TweetDeck was only down for a short while, and is currently up and running again. The issue appears to be confined to only the web based version of TweetDeck, although there have been reports of it also affecting the Windows app version. Users have been advised to log out of their accounts and log in again to apply the new fix.
Twitter scrambled to close the vulnerability as it would allow future attacks to execute javascript code in browsers, which could allow for a new attack vector from malicious hackers. In this case, it would appear that the attack was not meant to cause any harm. The Verge has reported that the incident may in fact have been an accident caused by a teen experimenting with tags and symbols. A move that alerted other Twitter users to the fact that the microblogging service was executing that sort of code.
The speed at which Twitter managed to fix the issue is rather reassuring, as the service was only disrupted for about 2 hours with no damage – beyond a mild inconvenience – done.
[Source: The Verge, Ars Technica]
