Sign in / up

back to article Twitter blames website upgrade for re-introducing XSS hole

Twitter said it identified and fixed the cross site scripting flaw that led to meltdown on Tuesday a month ago, only to undo this fix with a later web site update. The revamp - which reintroduced a flaw that meant JavaScript could be injected into Tweets - was unrelated to the recent introduction of New Twitter. The cross-site …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    Cross?

    Why is this referred to as 'cross-site' scripting a lot, there's only one site involved?

    0 0
  2. Ian Ferguson
    FAIL

    Six hours to fix a XSS flaw?

    SIX hours? To block javascript from tweets, considering they've done it before?

    I call bullshit - I think all their engineers were asleep from 2am to 7am.

    0 0
  3. Craig 12

    'Fix' is a stretch

    I noticed this morning that the pop-up profile box is missing from hovering @names in tweets, so I guess they just removed all JS stuff like for a little while until they sort it properly.

    I think there were some malicious variants. Some definitely attempted to compile information via DMs

    0 0
  4. Rogerborg

    In what way was it an "attack"?

    There was no signal to disrupt with the noise.

    I'm sure there were some engineers on shift, but anyone with a high enough pay grade to actually make a decision about deploying a fix would be either snoozing or too busy trying to figure out how to actually make some money off of Twitter.

    0 0
  5. Matt K

    Er...

    "creating hundreds of thousands of spam message in the process"

    Isn't that business as usual for Twitter?

    0 0
  6. Darryl

    What's the issue?

    Personally, I'd prefer watching a Rick Astley video to reading people's random inane spews on Twitter

    0 0
  7. fase

    Leaked memo

    Twitter execs to engineers: "Way to go XSS holes!" ;)

    0 0
This topic is closed for new posts.

Other stories you might like