Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

TweetDeck Hacked

samzenpus posted about 3 months ago | from the have-a-heart dept.

Security 19

redletterdave (2493036) writes TweetDeck, Twitter's tool for real-time tracking and engagement of posts, was found to be vulnerable to cross-site scripting (XSS), a type of computer vulnerability commonly found in web applications that allows hackers to inject script into webpages to access user accounts and important security information. As a result of the hack, a tweet with an emoticon heart is being shared more than 38,000 times — automatically.

cancel ×

19 comments

Sorry! There are no comments related to the filter you selected.

Hmmm. (4, Funny)

SeaFox (739806) | about 3 months ago | (#47217953)

Yet another security venerability involving hearts I see.

Re:Hmmm. (0)

Anonymous Coward | about 3 months ago | (#47218063)

Does it date me that I thought of ILOVEYOU before Heartbleed?

Re:Hmmm. (-1)

Anonymous Coward | about 3 months ago | (#47219251)

But security vulnerabilities only exist in things written in C or C++!!! Javascript is "modern" and "memory safe" and thus cannot have any security issues!!

First informative post (-1, Offtopic)

goombah99 (560566) | about 3 months ago | (#47219345)

penis penis penis

I am amused that I'll be modded informative.

Not really a hack (2)

hsmith (818216) | about 3 months ago | (#47217993)

More like exploited. Failure to escape content, which you should have been doing for the last 15 years, is hardly hacking.

Re:Not really a hack (0)

Anonymous Coward | about 3 months ago | (#47218043)

seconded.

xss is not "hacking".

actually, "hacking" isn't hacking either, but that's another discussion.

here's some more things that aren't hacks: http://gizmodo.com/please-stop... [gizmodo.com]

Re:Not really a hack (3, Insightful)

Hsien-Ko (1090623) | about 3 months ago | (#47218309)

Gizmodo and aren't hacks can't belong in the same sentence.

Re:Not really a hack (4, Interesting)

chrylis (262281) | about 3 months ago | (#47218059)

The code that I saw, which basically reached out of its container and hit the "retweet" button on itself, was definitely a clever hack.

Re:Not really a hack (0)

sexconker (1179573) | about 3 months ago | (#47218121)

More like exploited. Failure to escape content, which you should have been doing for the last 15 years, is hardly hacking.

More like failure to be a decent website. Fuck all cross-domain scripting, cookies, etc. Block that shit and enjoy a cleaner, faster, safer, slightly more private internet.
You have to load ads from another domain? Fuck you.
You want me to load up shit from googleapis.com? No thanks.

Re:Not really a hack (-1)

Anonymous Coward | about 3 months ago | (#47218243)

Sadly, a lot of the web stuff (cgi-bin, cookies, JavaScript...) is just a hack upon another.

Re:Not really a hack (1)

Agent ME (1411269) | about 3 months ago | (#47219753)

What exactly do you think most hacks are?

Re:Not really a hack (0)

Anonymous Coward | about 3 months ago | (#47219881)

Yes. And we should move away from languages with no real memory control such as C that make these sorts of vulnerabilities possible.

</badjoke>

Re:Not really a hack (0)

Anonymous Coward | about 3 months ago | (#47219991)

The scary thing is
a. you think you know what you are talking about
b. you are probably programming

XSS is not about escaping your input.

Next headline: (2)

geekoid (135745) | about 3 months ago | (#47218087)

everything everywhere has been hacked. Deal with it.

Re:Next headline: (0)

Anonymous Coward | about 3 months ago | (#47219661)

Rape happens. Deal with it. You probably didn't mean it, but it sounded like you were saying that people should just accept it happens without trying to do anything to change it.

Next headline: (0)

Anonymous Coward | about 2 months ago | (#47231727)

Not sure about that, I am sure I can build a machine that can never be hacked from the internet, or from the terminal... plus side it uses no power or internet. minus side is that it's a paperweight.

38,000 TIMES! (0)

Anonymous Coward | about 3 months ago | (#47218201)

that got noticed?
is that a lot

Why is this garbage here? (-1)

Anonymous Coward | about 3 months ago | (#47219545)

Only preteen girls and Republicans use that shitty site. They constantly try to shove it down our throats. Since the CONservative take-over of /. all we see are these pro-Republican crap. Please stop. You Republicans have destroyed this site.

"computer vulnerability"? (1)

Anonymous Coward | about 2 months ago | (#47220937)

Slow down, poindexter. That's a bit technical!

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>