Wednesday, September 29, 2010

Transparency in action at Twitter



Enjoyed that tweet from the other day. As you may know, Twitter ran into a very public cross-site scripting (XSS) vulnerability recently:
"The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed."
News of the vulnerability exploded, but very quickly Twitter came out with a fix and just as importantly an detailed explanation of what happened, what they did about it, and where they are going from here:
 The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted website into another one. In this case, users submitted javascript code as plain text into a Tweet that could be executed in the browser of another user. 
We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it. 
Early this morning, a user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this an “onMouseOver” flaw -- the exploit occurred when someone moused over a link. 
Other users took this one step further and added code that caused people to retweet the original Tweet without their knowledge. 
This exploit affected Twitter.com and did not impact our mobile web site or our mobile applications. The vast majority of exploits related to this incident fell under the prank or promotional categories. Users may still see strange retweets in their timelines caused by the exploit. However, we are not aware of any issues related to it that would cause harm to computers or their accounts. And, there is no need to change passwords because user account information was not compromised through this exploit.
We’re not only focused on quickly resolving exploits when they surface but also on identifying possible vulnerabilities beforehand. This issue is now resolved. We apologize to those who may have encountered it.
Well done.
Posted by Lenny Rachitsky at 8:46 AM
Labels: ,

55 comments:

  1. With a Hotmail account, you can send and receive emails quickly and easily as well as login and use all Microsoft services.
    hotmail login | login to hotmail
    This is the game so players feel very fierce , adventurous . You try to join and play this game , you will feel great like.
    happy wheels | fireboy and watergirl | goodgame empire
    learn to fly | slither io | gun mayhem | age of war
    io games | strike force heroes | strike force heroes 4

    ReplyDelete

  3. تعتبر العاب تلبيس من اشهر الانواع في هذا المجال وهي بدورها تتضمن عدة اصناف جميلة ويعشقها الكتير وخاصة البنات منها العاب تلبيس ومكياج التي تمزج بين التلبيس وكذلك الميك اب في آن واحد هذا الامر الدي يزيد من جمالها وتجعل كل من يلعبها يستمتع بذلك زد على ذلك العاب تلبيس باربي التي تعرف شعبية كبيرة لانها شخصية مشهورة ويعرفها الصغير والكبير ولهم ذكريات جميلة معها لانها اشتهرت في عالم الكارتون والان اصبح الامر كذلك في مجال الالعاب وغير هذا هناك كذلك نوع آخر مميز ايضا وهو العاب تلبيس عرائس فالجميع يحلم ان يقوم بتلبيسهما لانها تذكرهم بهذه المناسبة الجميلة الا وهي الزواج التي تعتبر اهم مرحلة في حياة الانسان وهناك انواع مغايرة لها جمهور كبير في كل انحاء العالم وهي العاب قص الشعر ليس هي فقط بل توجد ايضا العاب طبخ التي يمكن للجميع لعبها سواء كانوا اولادا او بناتا وهي الاكتر طلبا في النت ويحبها الجميع ومعها ايضا العاب باربي التي تكلمنا عليها بكل انواعها

    ReplyDelete

  4. Coach Outlet http://www.coachstoreoutlet.us.org

    Christian Louboutin Shoes http://www.christianlouboutinshoe.eu.com

    Valentino Shoes http://www.valentinoshoes.eu.com

    Michael Kors Outlet http://www.michaelkorsoutlet.us.org

    Coach Factory Outlet http://www.coachfactoryoutlet.us.org

    Coach Outlet Online http://www.coachoutletonlinestore.us.org

    Coach Purses http://www.coachpurse.us.com

    Kate Spade Outlet http://www.katespadefactoryoutlet.us.com

    Toms Shoes http://www.toms-shoes.name

    Hermes Belts http://www.hermesbelts.us.org

    Louis Vuitton http://www.louisvuitton-outletstores.us.com

    Fendi Handbags http://www.fendibelt.us.com

    Giuseppe Shoes http://www.giuseppezanotti.eu.com

    Michael Kors Outlet http://www.michael-kors-outlet.us.com

    Stephen Curry Shoes http://www.stephencurryshoes.us.com

    Salomon Shoes http://www.salomonshoes.eu.com

    North Face Outlet http://www.northfacesoutlet.in.net

    Coach Outlet http://www.outletcoach.in.net

    North Face Outlet http://www.northfacesoutlet.us.com

    Burberry Outlet http://www.burberryoutletstore.us.org

    North Face Outlet http://www.north-faceoutlets.in.net

    North Face Jackets http://www.outletnorthface.in.net

    Skechers Shoes http://www.skechersshoes.us.com

    Toms Outlethttp://www.tomsoutletstore.us.org

    North Face Outlet http://www.northfacestoreoutlet.us.org

    Nike Air Max http://www.nikeoutlet.us.org

    Nike Hoodies http://www.nikehoodies.us.com

    Marc Jacobs Handbags http://www.marcjacobshandbags.name

    Marc Jacobs Outlet http://www.marcjacobsoutletstore.us.com

    Jimmy Choo Shoes http://www.jimmy-chooshoes.us.com

    Jimmy Choos http://www.jimmychoos.in.net

    Burberry Belt http://www.burberrybelt.us.com

    Louis Vuitton Belt http://www.louisvuitton-belt.com

    Salvatore Ferragamo http://www.ferragamo-belt.us.com

    Marc Jacobs Handbags http://marcjacobshandbagsoutlet.blog.com

    Lululemon Outlet http://www.lululemonsoutlet.us.com

    True Religion Outlet http://www.truereligion-outlets.in.net

    Tommy Hilfiger http://www.tommyhilfigeroutlet.us.com

    Michael Kors Outlet http://www.outletmichaelkors.eu.com

    Coach Outlet http://www.outletcoach.eu.com

    Red Bottoms http://www.redbottom.in.net

    Kevin Durant Shoes http://www.kevindurantshoes.us.org

    New Balance Outlet http://www.newbalanceoutlet.in.net

    Adidas Outlet http://www.adidasoutlet.in.net

    Coach Outlet Online http://www.coachoutlet-online.eu.com

    Stephen Curry Jersey http://www.stephencurryjersey.us.com

    Vans Outlet http://www.vansoutlet.us.com

    Ralph Lauren Outlet http://www.ralphlauren-outletstore.in.net

    True Religion Outlet http://www.true-religionoutlets.in.net

    ED Hardy Outlet http://www.edhardyoutlet.in.net

    North Face Outlet http://www.northfaceoutlet.eu.com

    UGG Outlet http://www.uggoutlet.us.org

    UGG Outlet http://www.outletugg.in.net

    North Face Outlet http://www.northface--outlet.us.com

    Ugg Boots Sale http://www.uggbootssale.in.net

    UGGS For Women http://www.uggsforwomen.us.com

    Skechers Go Walk http://www.skechersgowalk.us.com

    Adidas Yeezy Boost http://www.adidasyeezyboost.in.net

    Adidas Yeezy http://www.adidasyeezy.us.com

    Adidas NMD http://www.adidas-nmd.us.org

    Coach Outlet http://www.coachoutletinc.us.com

    ReplyDelete

  5. I would like to thank you for the efforts you have made in writing this article.
    wings.io | super mechs | wingsio | wingsio | super mechs 2 | wingsio game | supermechs

    ReplyDelete

  8. This reminds me when this one time I went to this new restaurant and I was amazed that so many people are willing to pay extra for what they could get at half the price somewhere else. Agen Poker

    ReplyDelete

  9. I find your opinion quite interesting, but the other day I stumbled upon a completely different advice from another blogger, I need to think that one through, thanks for posting. Poker Online Indonesia

    ReplyDelete

  10. Thanks, great post. I really like your point of view! Judi Poker

    ReplyDelete

  11. I really liked this part of the article, with a nice and interesting topics
    Agen Domino

    ReplyDelete

  12. Your post so Inspirative and good point.
    Thanks, great post. I really like your point of view!
    Bandar Ceme

    ReplyDelete

  13. That’s awesome! This post gives truly quality information. I love this post it very interesting and helpful for us, Thank for sharing all, Thank you so much. Poker Bonus Deposit Terbesar

    ReplyDelete

  14. This is great, you are good, i like your post and i still waiting our next post
    Bandar Ceme

    ReplyDelete

  15. Wow. good post. I’d like to write like this too , taking time and real hard work to make a great article. Thanks for sharing. Bonus Deposit Poker

    ReplyDelete

  16. Thanks for sharing nice information with us. I really liked this part of the article, This is truly awesome article. Bonus Member Baru Poker Online

    ReplyDelete

  17. I would like to thank you for the efforts you have made in writing this article , Your article very well and good, thanks for posting. Judi Capsa

    ReplyDelete

  18. It is a good and amazing article. Your information is very useful for me and for others. thank you so much. BoyaQQ

    ReplyDelete

  19. This article is very good, I like this article, thanks for sharing. Link Alternatif BoyaQQ

    ReplyDelete

  20. Good Job And continue to make useful articles.
    Link Alternatif BoyaQQ

    ReplyDelete

  21. Your articles were very nice and full of information.
    BoyaQQ

    ReplyDelete

  23. Very Fantastic article, I really like your point of view!
    Good Job And continue to make useful articles.
    DominoHP.net Agen Poker Online Terpercaya

    ReplyDelete

  24. This is great, you are good, i like your post and i still waiting our next post
    Bandar Ceme

    ReplyDelete

  25. This is so interesting, I have never seen this before , Nice Post. Bandar Domino

    ReplyDelete

  26. Thanks for this wonderful post and hoping to post more of this. Bandar QQ

    ReplyDelete

  27. great post. I really like your point of view!
    Bandar Ceme

    ReplyDelete

  28. I need to think that one through, thanks for posting.
    Domino Qiu Qiu

    ReplyDelete

  29. great post. I really like your point of view!
    Bandar Ceme

    ReplyDelete

  30. I need to think that one through, thanks for posting.
    Domino Qiu Qiu

    ReplyDelete

  31. Thanks, guys you always provide useful information through your articles
    Agen Domino

    ReplyDelete

  32. Really a nice content i am going to bookmark your site thanks
    Domino QQ

    ReplyDelete

  33. Your blog information is nice and friendly. This post is very helpful for me. Thank for post.
    Judi Ceme

    ReplyDelete

  34. This is impressive and also great information, This is excellent. Judi Domino

    ReplyDelete

  35. This is really very nice blog and so informative, I would like to thank you for all the information you give. Domino 99

    ReplyDelete


  36. Absolutely really Amazing Articel and good point in there.
    Thanks shared.
    Dominoqiu

    ReplyDelete

  37. Nice Post, and good Information for this site.
    Thanks for shared!!
    Dominoqq

    ReplyDelete

  39. Nice Post, and good Information for this site.
    Thanks for shared!!
    Dominoqq

    ReplyDelete

  40. Thanks for posting, this is really amazing.
    BandarQQ Online

    ReplyDelete

  41. Some of these information are really amazing. Thank you for giving me good information.
    Situs BandarQQ

    ReplyDelete

  42. I would like to thank you for all the information you give. information your is useful to me.
    BandarQQ Terpercaya

    ReplyDelete

  43. I understand what you bring it very meaningful and useful, thanks.


    www.happywheelsy8.com

    ReplyDelete

  44. I was very impressed by this post, this site has always been pleasant news. Thank you very much for such an interesting post. Keep working, great job! In my free time, I like play game: douchebagworkout2.org. What about you?

    ReplyDelete

  45. I like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. I hope to have many more entries or so from you.
    Very interesting blog.
    minecraft2.com.br

    ReplyDelete

  46. This blog is so nice to me. I will continue to come here again and again. Visit my link as well. Good luck
    http://www.jualobataborsiherbal.com/ obat aborsi
    http://caramenggugurkankandungan.info/ cara menggugurkan kandungan
    http://www.jualobataborsiherbal.com/cara-menggugurkan-kandungan/ cara menggugurkan kandungan
    http://jualobatpenggugurkandungan.net/ obat penggugur kandungan
    http://tandatandakehamilan.net/ tanda tanda kehamilan
    http://tandatandakehamilan.net/cara-cepat-dan-selamat-menggugurkan-kandungan/ cara menggugurkan kandungan
    http://obataborsi59.com/ obat aborsi
    http://obattelatdatangbulan.info/ obat telat datang bulan

    ReplyDelete

  48. Horse Rancher, Bleach Training 2, Thing Thing 3, 3-D Missile and so on, are some of the world class free action games. Domino QQ

    ReplyDelete

  49. The games are suburb, designed to leave you stuck on the screen yearning for more play time. Most of them can be downloaded from the internet. Agen Bola

    ReplyDelete

  51. There's definately a lot to know about this issue. I really like all the points you made. cute bird names , cool bird species names

    ReplyDelete

  52. Very good information. rooted android emulator , rooted android emulator for windows 10 Lucky me I ran across your site by accident (stumbleupon). I have saved it for later!

    ReplyDelete

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)