A Twitter user has demonstrated a cross-site scripting (XSS) vulnerability on the microblogging platform that could allow an attacker to take over users' accounts or spread malware.
An Indonesian security researcher, using the alias “H4x0r-x0x” and Twitter handle “0wn3d_5ys,” discovered the vulnerability and demonstrated the bug using his own Twitter account.
The researcher also published details of the flaw on a blog on Monday.
The vulnerability affects the “application name” field on Twitter's application registration page, used by developers when setting up a new Twitter application.
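The bug class described above is a stored XSS: a developer-supplied string is saved, then written into other users' pages without encoding. The following added example (not Twitter's code, and not the researcher's) contrasts an unsafe rendering of an application name with the output-encoded form, plus an input check; the markup, character set and sample value are assumptions for illustration.

```javascript
// Added example: how a stored application name becomes script in other
// users' browsers when concatenated into HTML, and the defensive fixes.

// Minimal HTML entity encoder for text placed inside an element body or
// a double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  })[ch]);
}

// Vulnerable pattern: the stored application name is dropped straight into
// the markup, so any tags it contains become part of the page.
function renderSourceUnsafe(appName) {
  return `<span class="source">via ${appName}</span>`;
}

// Hardened pattern: the same template, but the untrusted value is encoded
// for the HTML context it lands in, so tags are shown as literal text.
function renderSourceSafe(appName) {
  return `<span class="source">via ${escapeHtml(appName)}</span>`;
}

// Server-side input check: application names are display text, so an
// allow-list of expected characters rejects markup before it is stored.
// The permitted character set and length are assumptions for this example.
const APP_NAME_RE = /^[\p{L}\p{N} ._-]{1,32}$/u;
function isValidAppName(appName) {
  return APP_NAME_RE.test(appName);
}

// Constructed sample value: a benign-looking name carrying a script tag.
const SAMPLE_APP_NAME = "MyClient<script>alert(1)</script>";

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderSourceUnsafe(SAMPLE_APP_NAME)); // script tag survives intact
  console.log(renderSourceSafe(SAMPLE_APP_NAME));   // rendered as literal text
  console.log(isValidAppName(SAMPLE_APP_NAME));     // false
}
```

Encoding at output is the fix that holds regardless of how the value was stored; the input check is a second layer, not a replacement for it.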
“I haven't seen it used by attackers yet, but obviously that can change,” Kennedy said.
Visiting the researcher's Twitter account triggers two XSS alert boxes, after which the visitor's browser is manipulated. The demonstration also displays an animation from the film “The Matrix,” followed by messages from the researcher, one of which states, “My Twitter Owned By : H4x0r-x0x..”
A Twitter spokesperson told SCMagazineUS.com on Thursday that the company is aware of the issue and has fixed it for new applications, but is still working to patch it in all programs.