
An Austrian Teen Discovered The Vulnerability That Set Off TweetDeck's Outage

Jun 12, 2014, 03:36 IST

TweetDeck was down for about an hour Wednesday while the company fixed a cross-site scripting (XSS) vulnerability that caused a tweet containing some code and a little heart to be retweeted over and over.


The script in the tweet was being rendered as code in users' browsers. Attackers could execute code (like making an account automatically retweet) on anyone's computer just by tweeting it out.

TweetDeck fixed the vulnerability, which may have first been discovered by an Austrian teen. The Verge reports that at 8:05 this morning, the Twitter account @FiroXL, which belongs to a 19-year-old named Florian, tweeted a JavaScript tag along with a heart symbol and a German phrase that means something along the lines of "I wonder if this will work."


He basically discovered that if he included the heart in his tweet, TweetDeck would execute JavaScript or HTML from plaintext (that's why all the spammy tweets you saw in your timeline had hearts at the end of them). As soon as he discovered the vulnerability, he tweeted "Discovered vulnerability in TweetDeck."
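An added illustration of the failure mode described above, not TweetDeck's actual code and not part of the original article: it assumes a hypothetical renderer that escapes plain tweets but sends any tweet containing the heart character through an unescaped "rich" path, and shows the hardened ordering beside it. All function names, the image path and the sample tweets are constructed.

```javascript
// Added illustration; not TweetDeck's code. All names here are hypothetical.
const HEART = "\u2665";

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Swap the heart for trusted, renderer-generated markup (constructed image path).
function heartToImg(html) {
  return html.split(HEART).join('<img class="emoji" alt="heart" src="/img/heart.png">');
}

// Vulnerable pattern (assumed): plain tweets are escaped, but a tweet with an
// emoji takes a "rich" path that treats the whole tweet as HTML.
function renderTweetVulnerable(text) {
  if (text.includes(HEART)) {
    return heartToImg(text); // untrusted text reaches the page unescaped
  }
  return escapeHtml(text);
}

// Hardened pattern: escape every tweet first, then add the trusted markup.
function renderTweetSafe(text) {
  return heartToImg(escapeHtml(text));
}

// True if the rendered HTML would contain a live <script> element.
function containsLiveScript(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample tweets; the script body is a harmless placeholder.
const plainTweet = "<script>placeholder()</script>";
const heartTweet = plainTweet + HEART;

for (const [label, html] of [
  ["vulnerable, no heart", renderTweetVulnerable(plainTweet)],
  ["vulnerable, heart", renderTweetVulnerable(heartTweet)],
  ["safe, heart", renderTweetSafe(heartTweet)],
]) {
  console.log(label.padEnd(22), "live script:", containsLiveScript(html));
}
```

The ordering is the point: untrusted text is escaped unconditionally, and only markup the renderer itself generates is added afterwards.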


From there, other Twitter users started using the technique. TweetDeck shut down its service while it fixed the bug.
