TweetDeck Taken Down in Wake of XSS Attacks

TweetDeck said it temporarily has taken down its services after cross-site scripting exploit code circulated today.

TweetDeck services have been disabled for the time being as Twitter tries to get a handle on a cross-site scripting vulnerability that caused mountains of consternation on the social networking platform this morning.

Initially users were told log out of the real-time Twitter monitoring tool in order for a fix to take effect. But the repairs, however, didn’t take for some who reported seeing a pop-up dialog box indicative of a benign XSS exploit.

Users could be at risk for more serious attacks. Cross-site scripting occurs when attackers are able to inject code into webpages or web-based services that can automatically be executed by a user’s browser. Hackers successfully executing a cross-site scripting attack can remotely inject code client-side, leading to data loss or service interruption.

In the case of the TweetDeck exploit, an attacker could take over a user’s account, post or delete tweets or deface the account. Exploit code was tweeted throughout the morning, and automatically retweeted tens of thousands of times.

“This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet,” said Trey Ford, global security strategist at Rapid7. “The current attack we’re seeing is a ‘worm’ that self-replicates by creating malicious tweets. It looks like this primarily affects users of the Tweetdeck plugin for Google Chrome.”

Ford compared it to the Samy Worm that hit MySpace eight years ago, but points out that the TweetDeck worm does not force an account to follow the attacker.

Twitter acquired TweetDeck in 2011 for upwards of $50 million. TweetDeck provides users with a dashboard view of multiple accounts. Tweet timelines, notifications and direct messages appear in customizable streaming columns.

Suggested articles