Slashdot Mirror

← Back to Stories (view on slashdot.org)

TweetDeck Hacked

Posted by samzenpus on from the have-a-heart dept.

redletterdave (2493036) writes TweetDeck, Twitter's tool for real-time tracking and engagement of posts, was found to be vulnerable to cross-site scripting (XSS), a type of computer vulnerability commonly found in web applications that allows hackers to inject script into webpages to access user accounts and important security information. As a result of the hack, a tweet with an emoticon heart is being shared more than 38,000 times — automatically.

19 comments

  1. Hmmm. by SeaFox · · Score: 4, Funny

    Yet another security venerability involving hearts I see.

    1. Re:Hmmm. by Anonymous Coward · · Score: 0

      Does it date me that I thought of ILOVEYOU before Heartbleed?

    2. Re:Hmmm. by Anonymous Coward · · Score: -1

      But security vulnerabilities only exist in things written in C or C++!!! Javascript is "modern" and "memory safe" and thus cannot have any security issues!!

  2. Not really a hack by hsmith · · Score: 2

    More like exploited. Failure to escape content, which you should have been doing for the last 15 years, is hardly hacking.

    1. Re:Not really a hack by Anonymous Coward · · Score: 0

      seconded.

      xss is not "hacking".

      actually, "hacking" isn't hacking either, but that's another discussion.

      here's some more things that aren't hacks: http://gizmodo.com/please-stop...

    2. Re:Not really a hack by chrylis · · Score: 4, Interesting

      The code that I saw, which basically reached out of its container and hit the "retweet" button on itself, was definitely a clever hack.

    3. Re:Not really a hack by sexconker · · Score: 0

      More like exploited. Failure to escape content, which you should have been doing for the last 15 years, is hardly hacking.

      More like failure to be a decent website. Fuck all cross-domain scripting, cookies, etc. Block that shit and enjoy a cleaner, faster, safer, slightly more private internet.
      You have to load ads from another domain? Fuck you.
      You want me to load up shit from googleapis.com? No thanks.

    4. Re:Not really a hack by Anonymous Coward · · Score: -1

      Sadly, a lot of the web stuff (cgi-bin, cookies, JavaScript...) is just a hack upon another.

    5. Re:Not really a hack by Hsien-Ko · · Score: 3, Insightful

      Gizmodo and aren't hacks can't belong in the same sentence.

    6. Re:Not really a hack by Agent+ME · · Score: 1

      What exactly do you think most hacks are?

    7. Re:Not really a hack by Anonymous Coward · · Score: 0

      Yes. And we should move away from languages with no real memory control such as C that make these sorts of vulnerabilities possible.

      </badjoke>

    8. Re:Not really a hack by Anonymous Coward · · Score: 0

      The scary thing is
      a. you think you know what you are talking about
      b. you are probably programming

      XSS is not about escaping your input.

  3. Next headline: by geekoid · · Score: 2

    everything everywhere has been hacked. Deal with it.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    1. Re:Next headline: by Anonymous Coward · · Score: 0

      Rape happens. Deal with it. You probably didn't mean it, but it sounded like you were saying that people should just accept it happens without trying to do anything to change it.

  4. 38,000 TIMES! by Anonymous Coward · · Score: 0

    that got noticed?
    is that a lot

  5. First informative post by goombah99 · · Score: -1, Offtopic

    penis penis penis

    I am amused that I'll be modded informative.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  6. Why is this garbage here? by Anonymous Coward · · Score: -1

    Only preteen girls and Republicans use that shitty site. They constantly try to shove it down our throats. Since the CONservative take-over of /. all we see are these pro-Republican crap. Please stop. You Republicans have destroyed this site.

  7. "computer vulnerability"? by Anonymous Coward · · Score: 1

    Slow down, poindexter. That's a bit technical!

  8. Next headline: by Anonymous Coward · · Score: 0

    Not sure about that, I am sure I can build a machine that can never be hacked from the internet, or from the terminal... plus side it uses no power or internet. minus side is that it's a paperweight.