Twitter XSS flaw could allow hackers to take over accounts, IT PRO

By Asavin Wattanajantra, 27 Aug 2009 at 15:59
Twitter is vulnerable to a cross-site scripting flaw that could allow hackers to take control of accounts and steal data.
UK-based search engine optimisation (SEO) expert David Naylor found a bug that could allow anybody to swap the nofollow links produced through its Application Programming Interface (API).
Naylor said it could allow anyone with technical knowledge to create a Twitter application and send malicious tweets with it.

Naylor outlined a number of worst-case scenarios, such as the execution of code within a user's browser, redirection to malicious websites, deletion of tweets, bulk spam messaging, or the sending of login details to others who might want them.
He said that if another Twitter user so much as viewed one of these tweets while logged in, their account could be taken over.
Twitter was said to be working on fixing the problem, but in a later blog post Naylor claimed that Twitter "missed the point", and that the vulnerability was still present.
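The flaw described above sits at the point where a URL supplied through the API is rendered into a `rel="nofollow"` link in the page. The following is an added example, not code from the article or from Twitter, that contrasts a naive link renderer (the URL interpolated straight into the attribute) with a hardened one (scheme allow-list plus attribute escaping), and uses the standard-library HTML parser to check whether the attribute boundary survived. The function names, the allow-list and the sample input are all constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical policy: only web links are turned into anchors at all.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample input: a URL that tries to close the href attribute
# and smuggle in an extra attribute. A marker attribute is used here;
# an event-handler attribute would land in exactly the same place.
CONSTRUCTED_INPUT = 'http://example.com/" data-injected="1'


def render_link_unsafe(url: str) -> str:
    """Vulnerable pattern: the raw URL is dropped into the attribute unescaped."""
    return f'<a href="{url}" rel="nofollow">{url}</a>'


def render_link_safe(url: str) -> str:
    """Hardened renderer: reject non-web schemes, escape quotes/ampersands/angle brackets."""
    escaped = html.escape(url, quote=True)  # quote=True also escapes " and '
    if urlsplit(url).scheme.lower() not in ALLOWED_SCHEMES:
        # Not a web link: show it as text, never as a clickable anchor.
        return f"<span>{escaped}</span>"
    return f'<a href="{escaped}" rel="nofollow">{escaped}</a>'


class _AnchorCollector(HTMLParser):
    """Collects the attribute dict of every <a> start tag seen."""

    def __init__(self) -> None:
        super().__init__()
        self.anchors: list[dict[str, str | None]] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag == "a":
            self.anchors.append(dict(attrs))


def anchor_attribute_names(fragment: str) -> list[list[str]]:
    """Return the sorted attribute names of each <a> in the fragment.

    A renderer that only ever emits href and rel must yield [['href', 'rel']]
    for every anchor; any extra name means the attribute boundary was broken.
    """
    parser = _AnchorCollector()
    parser.feed(fragment)
    parser.close()
    return [sorted(a.keys()) for a in parser.anchors]


if __name__ == "__main__":
    for renderer in (render_link_unsafe, render_link_safe):
        out = renderer(CONSTRUCTED_INPUT)
        print(renderer.__name__, anchor_attribute_names(out))
```

The check is deliberately structural: rather than grepping for a known string, it parses the rendered fragment the way a browser would and asks whether the anchor carries any attribute the renderer did not intend to emit. That makes it a reusable unit test for any template that builds links from user-controlled data.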

Twitter has not replied to an IT PRO request to confirm whether or not it has fixed the problem.
In May, security researcher Aviv Raff warned that even if Twitter hired the best security team to uncover flaws, its API would still be the weakest link.
