Twitter cuts feature on site over security flaw

BOSTON Sat Jan 23, 2010 4:18am IST

A Twitter page is displayed on a laptop computer in Los Angeles in this October 13, 2009 file photo. Twitter has temporarily disabled one of the features on its website after a security researcher warned of a programming flaw that left the login credentials of its users vulnerable to hackers. REUTERS/Mario Anzuoni/Files

A Twitter page is displayed on a laptop computer in Los Angeles in this October 13, 2009 file photo. Twitter has temporarily disabled one of the features on its website after a security researcher warned of a programming flaw that left the login credentials of its users vulnerable to hackers.

Credit: Reuters/Mario Anzuoni/Files

Related Topics

Election 2014

Election 2014

More than 814 million people — a number larger than the population of Europe — are eligible to vote in the world’s biggest democratic exercise.  Full Coverage 

BOSTON (Reuters) - Twitter has temporarily disabled one of the features on its website after a security researcher warned of a programming flaw that left the login credentials of its users vulnerable to hackers.

Twitter co-founder Biz Stone said in an email that the company had temporarily cut off access to a feature that lets users display Twitter updates on their websites by using Flash technology.

"Our team has disabled the Flash widget while we look into the problem," Stone said.

Mike Bailey, a senior security analyst with Foreground Security of Orlando, Florida, said that the problem exploits a widely known vulnerability in Adobe Systems Inc's Flash programming language.

Adobe has told programmers how to address the vulnerability, which was first discovered in 2006, Bailey added, but noted the operators of many websites have failed to respond to those warnings.

The microblogging site's huge popularity has made it a prime target for hackers looking to spread malicious software to Twitter's millions of users.

"As simple as the attack is, I've been finding them all over the place," Bailey said.

Officials with Adobe declined to comment.

A hacker last month briefly hijacked the Twitter site and redirected it to one that claimed to represent a group calling itself the Iranian Cyber Army. That high-profile attack -- by a perpetrator who stole credentials to the account that Twitter uses to route its traffic -- did not compromise credentials of any Twitter users.

Bailey said his analysis of the Twitter site showed that it could have been vulnerable to attacks for more than a year, but that it was impossible to know whether hackers had actually exploited the Adobe flaw.

He is scheduled to discuss his research on the Twitter flaw at the Black Hat DC security research conference in Washington, which begins on Feb. 2.

(Reporting by Jim Finkle; Editing by Derek Caney and Matthew Lewis)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Microsoft

Microsoft CEO Satya Nadella speaks during his keynote address at the company's "build" conference in San Francisco, California April 2, 2014. REUTERS/Robert Galbraith/Files

New Microsoft CEO Nadella impresses Wall Street, stresses challenges

Microsoft Corp's new chief executive on Thursday won rave reviews for his first public encounter with Wall Street analysts who said he communicated willingness to transform the world's largest software company as it scrambles to catch up in the mobile-computing era.  Full Article 

REUTERS SHOWCASE

Lawsuit Settlement

Lawsuit Settlement

Apple, Google agree to pay over $300 million to settle conspiracy lawsuit   Full Article 

FB Newswire

FB Newswire

Facebook courts journalists with newswire tool.  Full Article 

Trend-Setter

Trend-Setter

Trend-setter Apple's stock split could bring out the copycats.  Full Article 

Bidding Adieu

Bidding Adieu

Google social networking boss Gundotra leaving company.  Full Article 

Amazon Results

Amazon Results

Amazon's revenue increases even as spending rises.  Full Article 

Internet Conference

Internet Conference

Internet industry seen as winner at global conference in Brazil.  Full Article 

Baidu Performance

Baidu Performance

Baidu forecasts stronger-than-expected second-quarter revenue.  Full Article 

Hacking Threat

Hacking Threat

All at sea: global shipping fleet exposed to hacking threat.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage