Twitter disables Flash widget over security fears
By Reuters
Posted on 25 Jan 2010 at 07:20
Twitter has temporarily disabled one of the features on its website after a security researcher warned of a flaw that left the login credentials of its users vulnerable to hackers.
Twitter co-founder Biz Stone says the company has temporarily cut off access to a feature that lets users display Twitter updates on their websites using Flash. "Our team has disabled the Flash widget while we look into the problem," Stone says.
Mike Bailey, a senior security analyst with Foreground Security, says that the problem exploits a widely known vulnerability in Adobe's Flash programming language. Adobe has told programmers how to address the vulnerability, which was first discovered in 2006, Bailey adds, but he says the operators of many websites have failed to respond to those warnings.
The microblogging site's huge popularity has made it a prime target for hackers looking to spread malicious software to Twitter's millions of users. "As simple as the attack is, I've been finding them all over the place," Bailey claims.
Officials with Adobe declined to comment.
A hacker last month briefly hijacked the Twitter site and redirected it to one that claimed to represent a group calling itself the Iranian Cyber Army. That high-profile attack - by a perpetrator who stole credentials to the account that Twitter uses to route its traffic - didn't compromise credentials of any Twitter users.
Bailey says his analysis of the Twitter site shows that it could have been vulnerable to attacks for more than a year, but that it was impossible to know whether hackers had actually exploited the Adobe flaw.
An Orwellian world for Big Brother
Tweets regarding 'The Future Internet'
http://twitter.com/BetweenMyths
If you want to know where the future Internet is heading, then I suggest you read the following three articles:
An Orwellian world for Big Brother http://bit.ly/6cm9fT
The world government global database
http://bit.ly/8aeM6Z
Union Now, the U.N. and World Government
http://bit.ly/8kAp7G
By BetweenMyths on 25 Jan 2010
