TweetDeck sinks then floats again
Some experts said the vulnerability could be exploited by hackers and reports cited instances of people's TweetDeck accounts hijacked via a Chrome browser.
The popular messaging platform said it discovered a security issue that affected TweetDeck and temporarily took the service offline, telling users: "Please log out of TweetDeck and log back in to fully apply the fix."
After a period of confusion and complaints about the fix not working, Twitter announced, "We've verified our security fix and have turned TweetDeck services back on for all users. Sorry for any inconvenience."
Independent security analyst Graham Cluley said the issue was a potentially serious security flaw and added, "It is easy to imagine how someone could take advantage of it with malicious purposes."
"In my opinion, TweetDeck isn't safe to use until the flaw has been fixed," Cluley said in a blog post. "So you'd be well advised to quit TweetDeck right now, and revoke its access to your Twitter account."
It was not immediately clear if Twitter's fix had patched the flaws in the browser versions of the program.
Software changed to patch flaws
Earlier, City University of New York Journalism Professor Jeff Jarvis tweeted that his account appeared to have been compromised and that Twitter's advice failed to work.
"Goddamnit, @twitter: 1. Impossible to sign out of Tweetdeck when it's taken over 2. Killing app, reinstalling & signing in does NADA," he said.
Founded in 2008 by Iain Dodsworth, Tweetdeck is a favorite of frequent Twitter users, allowing them to view "tweets" in various ways and to organise their messages into columns, features not offered on the micro-blogging platform's own website.
Twitter bought Tweetdeck in 2011. It had been an independent application until that point.
Unknown hackers also took down two Web services, the online note-taking firm Evernote and the RSS news site Feedly.
Evernote said on its status page that a denial of service attack began late on Tuesday (11 June) but most of its services were restored the following day.
Feedly said hackers were seeking to extort money from the firm and added: "We refused to give in and are working with our network providers to mitigate the attack as best as we can."
Feedly gained popularity when Google ended its Reader service, which provided news updates from a variety of websites.
Cluley praised Feedly for refusing to submit to the extortion. "It's right not to give in to the blackmailers who are essentially running an extortion racket," he said.
"The danger of paying DDoS blackmailers is that you're only encouraging them to attack you more, perhaps increasing their financial demands next time," he said.
Source: AFP via I-Net Bridge