Vulnerability Reporting in the Age of Social Media

Last night, I was searching for an old e-mail when I spotted this funny header:

[Screenshot: Tweetdeck XSS]

Somebody had a sense of humor, inserting an XSS joke in e-mail headers.

I thought it was funny, so I posted about it to Twitter:

[Screenshot: Tweetdeck XSS]

A few minutes later, I saw Robin Jackson reply with this:

[Screenshot: Tweetdeck XSS]

That can’t be real. No Twitter client would execute JavaScript just because a Tweet contained a “script” tag.

[Screenshots: Tweetdeck XSS]

To prove it was real, Robin posted a screenshot.

[Screenshot: Tweetdeck XSS]

The client he was using was Tweetdeck for Chrome. Time to inform the developers. And of course, they are on Twitter as well.

[Screenshot: Tweetdeck XSS]

Randy Janinda from Twitter’s security team responded within minutes:

[Screenshots: Tweetdeck XSS]

And just two hours later I got the confirmation from Tom Woolway of the Twitter development team that the fix is out:

[Screenshot: Tweetdeck XSS]
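The client behaviour described above comes down to how tweet text is turned into markup. As an added illustration (not code from the original post, from Tweetdeck or from Twitter), the snippet below puts a renderer that concatenates tweet text straight into HTML next to one that escapes it first; the sample tweets and all function names are constructed for this example.

```javascript
// Constructed sample tweets for the example; not real Twitter data.
const SAMPLE_TWEETS = [
  { user: "alice", text: "Plain tweet with an @bob mention" },
  { user: "mallory", text: '<script>alert("Tweetdeck XSS")</script>' },
  { user: "eve", text: 'Click <img src=x onerror="alert(1)"> here' },
];

// Vulnerable pattern: attacker-controlled tweet text is pasted into the
// client's markup unchanged, so a "script" tag in a tweet becomes a real tag.
function renderTweetUnsafe(tweet) {
  return `<div class="tweet"><b>@${tweet.user}</b>: ${tweet.text}</div>`;
}

// Escape the five characters that can change HTML context.
function escapeHtml(str) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(str).replace(/[&<>"']/g, (c) => map[c]);
}

// Safe pattern: every untrusted field is escaped before any markup is built.
// @mentions are linkified only afterwards, from an allow-listed handle pattern,
// so the only tags in the output are the ones this function emits itself.
function renderTweetSafe(tweet) {
  const body = escapeHtml(tweet.text).replace(
    /@([A-Za-z0-9_]{1,15})/g,
    (_m, handle) => `<a href="https://twitter.com/${encodeURIComponent(handle)}">@${handle}</a>`
  );
  return `<div class="tweet"><b>@${escapeHtml(tweet.user)}</b>: ${body}</div>`;
}

// Illustrative check, not a sanitizer: does the markup contain any tag the
// renderer did not emit itself (only div, b and a are expected)?
function containsForeignTag(html) {
  return /<(?!\/?(?:div|b|a)\b)/.test(html);
}

// Renders each sample both ways and reports whether foreign tags survived.
function compareRenderers() {
  return SAMPLE_TWEETS.map((t) => ({
    user: t.user,
    unsafe: containsForeignTag(renderTweetUnsafe(t)),
    safe: containsForeignTag(renderTweetSafe(t)),
  }));
}
```

In a browser, the same distinction is assigning the result of the safe renderer (or, simpler still, using textContent for the tweet body) rather than feeding raw tweet text to innerHTML.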

Signing off,
Mikko


On 27/05/11 At 01:28 PM
