TweetDeck Hacked

← Back to Stories (view on slashdot.org)

Posted by samzenpus on Wednesday June 11, 2014 @11:23AM from the have-a-heart dept.

redletterdave (2493036) writes TweetDeck, Twitter's tool for real-time tracking and engagement of posts, was found to be vulnerable to cross-site scripting (XSS), a type of computer vulnerability commonly found in web applications that allows hackers to inject script into webpages to access user accounts and important security information. As a result of the hack, a tweet with an emoticon heart is being shared more than 38,000 times — automatically.

19 comments

Min score:

Reason:

Sort:

Hmmm. by SeaFox · 2014-06-11 11:25 · Score: 4, Funny

Yet another security venerability involving hearts I see.
1. Re:Hmmm. by Anonymous Coward · 2014-06-11 11:41 · Score: 0
  
  Does it date me that I thought of ILOVEYOU before Heartbleed?
Not really a hack by hsmith · 2014-06-11 11:31 · Score: 2

More like exploited. Failure to escape content, which you should have been doing for the last 15 years, is hardly hacking.
1. Re:Not really a hack by Anonymous Coward · 2014-06-11 11:39 · Score: 0
  
  seconded.
  xss is not "hacking".
  actually, "hacking" isn't hacking either, but that's another discussion.
  here's some more things that aren't hacks: http://gizmodo.com/please-stop...
2. Re:Not really a hack by chrylis · 2014-06-11 11:41 · Score: 4, Interesting
  
  The code that I saw, which basically reached out of its container and hit the "retweet" button on itself, was definitely a clever hack.
3. Re:Not really a hack by sexconker · 2014-06-11 11:51 · Score: 0
  
  More like exploited. Failure to escape content, which you should have been doing for the last 15 years, is hardly hacking.
  More like failure to be a decent website. Fuck all cross-domain scripting, cookies, etc. Block that shit and enjoy a cleaner, faster, safer, slightly more private internet.
  You have to load ads from another domain? Fuck you.
  You want me to load up shit from googleapis.com? No thanks.
4. Re:Not really a hack by Hsien-Ko · 2014-06-11 12:18 · Score: 3, Insightful
  
  Gizmodo and aren't hacks can't belong in the same sentence.
5. Re:Not really a hack by Agent+ME · 2014-06-11 17:17 · Score: 1
  
  What exactly do you think most hacks are?
6. Re:Not really a hack by Anonymous Coward · 2014-06-11 18:02 · Score: 0
  
  Yes. And we should move away from languages with no real memory control such as C that make these sorts of vulnerabilities possible.
  </badjoke>
7. Re:Not really a hack by Anonymous Coward · 2014-06-11 18:44 · Score: 0
  
  The scary thing is
  a. you think you know what you are talking about
  b. you are probably programming
  XSS is not about escaping your input.
Next headline: by geekoid · 2014-06-11 11:47 · Score: 2

everything everywhere has been hacked. Deal with it.

--
The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
1. Re:Next headline: by Anonymous Coward · 2014-06-11 16:53 · Score: 0
  
  Rape happens. Deal with it. You probably didn't mean it, but it sounded like you were saying that people should just accept it happens without trying to do anything to change it.
38,000 TIMES! by Anonymous Coward · 2014-06-11 12:00 · Score: 0

that got noticed?
is that a lot
"computer vulnerability"? by Anonymous Coward · 2014-06-12 00:16 · Score: 1

Slow down, poindexter. That's a bit technical!
Next headline: by Anonymous Coward · 2014-06-13 06:28 · Score: 0

Not sure about that, I am sure I can build a machine that can never be hacked from the internet, or from the terminal... plus side it uses no power or internet. minus side is that it's a paperweight.