How one simple Web security loophole left thousands vulnerable on TweetDeck
It may have sounded like clapping, but that noise you heard yesterday was actually droves of computer programmers slapping their hands against their foreheads.
TweetDeck was the reason for their exasperation. Users of the Web and Google Chrome versions of the Twitter-viewing client discovered that the application, in violation of ultra-basic Web security rules, contained a cross-site scripting (XSS) vulnerability that could have been, and was, exploited in various ways.
While the person who uncovered the vulnerability was a seemingly innocent 19-year-old who just wanted to use little hearts in his tweets, the most notable exploit came from someone who figured out how to code a tweet that would be automatically retweeted by anyone running vulnerable versions of TweetDeck. The tweet was retweeted more than 40,000 times in about 20 minutes, and it looked like this.
You won’t be able to reuse this method to craft your own quintuple-digit-retweeted tweet, however, as TweetDeck patched the vulnerability several hours after the public learned about it.
Fran Berkman is a technology reporter whose work for the Daily Dot focused on cryptocurrencies and internet freedom. In April 2017, he joined BuzzFeed as the deputy director of news curation.