Today seems to be a very busy day for people who like to cause mischief on the internet. Earlier today Feedly was hit by a DDoS attack and was asked to pay money to call off the attack. While it was dealing with that, an XSS flaw caused havoc for Tweetdeck users. The “cross-site scripting” vulnerability was discovered on the client and essentially left millions of users open to account hijacking.
Several high-profile accounts were affected through this coding vulnerability, including but not limited to an account of the British Broadcasting Company or BBC and that of Ed Miliband, leader of the Labour party in the UK.
The attacks were varied and rather irritating. Some opened warning dialogues on users’ computers while others executed JavaScript code in tweets from other sites. One attack created a stream of retweets that crossed 38,000 in a matter of minutes. Another attack changed Tweetdeck’s font to Comic Sans.
At first Tweetdeck advised users to just log out and back in again to fix the problem, but that didn’t help. It then took down the service to “assess” the security issue. It has now verified that the security fix is doing what it’s supposed to do and has turned the service back on for all users once again.
Tweetdeck used to be a British company before it was acquired by Twitter a couple of years back.