How TweetDeck was exploited: 90 Seconds on The Verge
2014-06-11
TweetDeck today suffered a major security bug. Amazing what some people can do in 140 characters. I'm anchoring Jefferies, and this is 90 Seconds on The Verge.

Today a newly discovered vulnerability in some versions of TweetDeck allowed attackers to remotely execute JavaScript code. It seems to have started innocuously enough, with users seeing random pop-up windows reading "yo" or "please close TweetDeck", but some coders soon realized how to trigger the retweet command, causing more TweetDeck users to spread the code further. Many popular accounts were hit, including the New York Times, Central Park and the BBC. Soon after the news broke, TweetDeck took the service down as it assessed the security issue. Service returned an hour later, after TweetDeck said it had verified the security fix.

Okay, so what exactly is going on here? In short, the issue has to do with cross-site scripting, or XSS. Let's say someone writes a bit of JavaScript code into a tweet. A Twitter client is supposed to convert that into harmless plain text, but something went amiss and TweetDeck was instead executing the code as written. All it had to do was show up in your TweetDeck's timeline.

One of the earliest examples we found was from a 19-year-old Austrian teen named Florian, from around 8:00 this morning. He soon reported it publicly to TweetDeck, which potentially alerted anyone who monitors the account's mentions.

The small silver lining here is that the JavaScript is limited to what TweetDeck itself is allowed to do, so while Twitter might be a mess, your local files and Gmail account should be okay.

For more on Twitter and the web at large, check out The Verge. Coming up tomorrow, we must seek answers for what comes after the ninetieth ii. Wait, what?
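
The "convert that into harmless plain text" step from the transcript above, as an added example that is not part of the original video and is not TweetDeck's code: a renderer that inserts tweet text as written, beside one that escapes it at output. The function names, the `tweet` object shape and the sample tweets are assumptions constructed for illustration.

```javascript
// Added example: all names and sample tweets here are constructed for illustration.

// Characters that are significant in HTML, mapped to their entity form.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Convert untrusted text into a string that is inert in HTML element content
// and in quoted attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: tweet text is concatenated into markup as written,
// so any tags it contains become part of the page.
function renderTweetUnsafe(tweet) {
  return '<div class="tweet"><b>@' + tweet.user + '</b> ' + tweet.text + '</div>';
}

// Hardened pattern: every untrusted field is escaped at the point of output.
function renderTweetSafe(tweet) {
  return '<div class="tweet"><b>@' + escapeHtml(tweet.user) + '</b> ' +
    escapeHtml(tweet.text) + '</div>';
}

// Regression-check helper (not a sanitizer): true if the rendered markup
// contains any tag other than the two the template itself emits.
function hasInjectedTag(html) {
  const templateTags = new Set(['div', 'b']);
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((t) => !templateTags.has(t.replace(/^<\/?/, '').toLowerCase()));
}

// Constructed samples: ordinary text with special characters, and markup in a tweet.
const samples = [
  { user: 'constructed_user', text: 'I <3 TweetDeck & coffee' },
  { user: 'constructed_user', text: '<script>alert("yo")</script>' },
];

for (const tweet of samples) {
  const unsafe = renderTweetUnsafe(tweet);
  const safe = renderTweetSafe(tweet);
  console.log('as written:', unsafe, '| injected tag:', hasInjectedTag(unsafe));
  console.log('escaped:   ', safe, '| injected tag:', hasInjectedTag(safe));
}
```

In a browser client the same effect comes from assigning tweet text to `textContent` rather than `innerHTML`.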