At 9:30am on July 11, 2014, TweetDeck announced, "A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix."
Thirty minutes later, TweetDeck added the following: "We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up."
One hour after that, TweetDeck tweeted, "We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience."
"TweetDeck appears to have jumped on this issue and patched it, but we're still seeing it spread like wildfire throughout Twitter," Rapid7 security strategist Trey Ford said in a statement. "This vulnerability very specifically renders a tweet as code in the browser, allowing various cross-site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we're seeing is a 'worm' that self-replicates by creating malicious tweets."
Softpedia notes that one message from Twitter user @derGeruhn was automatically retweeted more than 35,000 times.