The Latest in IT Security

Vulnerability reporting in the age of social media

27 May 2011

Last night, I was searching for an old email when I spotted this funny header:

[Image: Tweetdeck XSS]

Somebody had a sense of humour, inserting an XSS joke in email headers.

I thought it was funny, so I posted about it to Twitter:

[Image: Tweetdeck XSS]

A few minutes later, I saw Robin Jackson reply with this:

[Image: Tweetdeck XSS]

That can’t be real. No Twitter client would execute JavaScript just because a Tweet would contain a “script” tag.

[Image: Tweetdeck XSS]

[Image: Tweetdeck XSS]

To prove it’s real, Robin posted a screenshot.

[Image: Tweetdeck XSS]

The client he was using was Tweetdeck for Chrome. Time to inform the developers. And of course, they are on Twitter as well.

[Image: Tweetdeck XSS]

Randy Janinda from Twitter’s security team responded within minutes:

[Image: Tweetdeck XSS]

[Image: Tweetdeck XSS]

[Image: Tweetdeck XSS]

And just two hours later I got the confirmation from Tom Woolway of the Twitter development team that the fix is out:

[Image: Tweetdeck XSS]

Signing off,
Mikko
