Quick action on their part helped, and also the fact that the initiator informed them of the vulnerability quickly. This attack for TweetDeck could have easily resulted in a major brand tarnishing episode. The answer, unfortunately, is again, Yes. As we have explained in a previous post, hackers frequently use XSS to execute scripts in the victim’s applications which can hijack user sessions, deface websites, or redirect the user to malicious sites. Efforts to un-retweet these messages resulted in an error message and did not cause any effect on the original message. Users were alerted when they started receiving strange pop-ups; meanwhile, their TweetDeck app was busy re-tweeting tweets from “andy” over 40,000 users’ systems. The result was a worm which, even though unable to force the user to follow the attacker, did cause considerable damage, as it replicated with the simple act of viewing and did not restrict itself to infecting only when clicked upon. In this case, the XSS in TweetDeck allowed JavaScript to become plain text where a computer code was inserted, which when viewed in a user’s TweetDeck, retweeted itself as a code. Cross-site scripting, commonly known as XSS, refers to a weakness in the design of a website which can then be used by an attacker to inject malicious code into a website or web application, causing it to deviate from its intended function. If you are wondering how a single tweet caused such massive disruption in the tweet world, let us take you through a little more detail. By the time he informed Twitter about the vulnerability, the hacker community had already ensured a mass TweetDeck hijacking. After trying the same message a couple of times, he announced the discovery of the vulnerability in TweetDeck, via a tweet. The incident occurred reportedly as an accident when an Austrian teenager succeeded in using the ♥ symbol by creating an opening in TweetDeck’s software. 
Stay tuned as we continue to follow for further updates and details as they become available. TweetDeck, the popular social media dashboard application for management of Twitter accounts, had to be temporarily shut down today, after being found vulnerable to cross-site scripting (XSS). As the revised API guidelines threaten these apps, it may be getting even harder to engage with Twitter in a reasonable manner. That said, apps like Tweetbot and Twitterrific worked to make browsing Twitter a more enjoyable or simply functional experience. Earlier this week, Twitter hosted an auction of office supplies, break room appliances, and various memorabilia to try to recoup Elon Musk’s losses in buying the company. Meanwhile, the company’s office spaces in San Francisco and Singapore have run into a number of issues regarding non-payment on rent. Musk previously used claims of doxing to ban accounts such as ElonJet, which he personally shared dislike for numerous times before the ban. This is the latest in a long line of chaotic moves by Twitter under Elon Musk’s leadership. Now it seems as though the revised API rules may be in place to end functionality for these apps permanently. Tweetbot and Tweetdeck users also reported broken functionality. Twitterrific was among the third-party apps that have been utilized by many Twitter users for years, having preceded the first-party Twitter iOS app itself. Unfortunately, because of the revised API rules and Twitter’s efforts to enforce them, third-party apps have already stopped functioning. Twitter recently tweeted that it would begin enforcing API rules in a way that could break third-party apps earlier in the week. 
The major change in the revision was an added clause to the Restrictions section, which now includes banning the “use or access the Licensed Materials to create or attempt to create a substitute or similar service or product to the Twitter Applications.” This change was the only revision to the rules that has been observed so far. Twitter shared its intentions to enforce API rules in a tweet earlier this week, but a revision to the API rules was published on Twitter’s website on January 19, 2023. Twitter previously signaled that it would begin enforcing these “long-standing API rules” in recent tweets, and now not only has a revision been published on Twitter’s API regulations page, but third-party app functionality has suffered as the company cracks down. Third-party apps like Tweetbot and Twitterrific have been used to operate and interact with Twitter for years, but a revision to the social media platform’s API rules may put a stop to that.