Twitter users vulnerable to security flaw thanks to Adobe Flash

A flaw in Adobe Flash has left Twitter users’ login credentials wide open for hackers to take a swing at, according to a news report from Reuters.

Mike Bailey, a senior security analyst with Foreground Security in Orlando, Florida, stated that he discovered the problem, which exploits a highly publicized vulnerability in Adobe’s Flash platform, commonly used in today's interactive web sites and applications.

He informed Twitter of the flaw, and it should take only a few hours at the most to patch the vulnerability by changing the site’s code. Adobe informed programmers how to address the flaw, which dates back to 2006, but many web developers have yet to heed the software maker’s warnings.

Bailey said that "as simple as the attack is, I’ve been finding them all over the place."

He concluded that the site could have been vulnerable to an attack for over a year, but that it wasn’t possible to know whether or not hackers had actually exploited the flaw. Bailey is scheduled to discuss his research findings on the vulnerability at the Black Hat DC security conference in Washington, DC, which begins February 2nd.

Twitter’s popularity has grown substantially over the past few years. Starting out as a micro-blogging service that asked you a simple question, "what are you doing?", it has found use as a means of communicating major events, including the 2009 Iranian presidential election and U.S. President Barack Obama’s campaign in 2008.

Even Bill Gates has become a member of the service, with over 300,000 followers at the time of writing. As a result of its increasing popularity, the service has become a massive target for hackers and spammers who are looking to spread malware or operate potential scams.


11 Comments


While I don't wish to debate semantics of the English language, perhaps a title that thanks something for security flaws isn't that appropriate? Should we be thanking Adobe for putting lots of users of a very popular social networking site at risk...? It's almost as bad as putting OK on error message dialogue boxes.

vanx said,
While I don't wish to debate semantics of the English language, perhaps a title that thanks something for security flaws isn't that appropriate? Should we be thanking Adobe for putting lots of users of a very popular social networking site at risk...? It's almost as bad as putting OK on error message dialogue boxes.
In both cases they are appropriate words, if superficially odd. They don't have to have positive connotations.

Edited by Kirkburn, Jan 23 2010, 12:19am :

vanx said,
While I don't wish to debate semantics of the English language, perhaps a title that thanks something for security flaws isn't that appropriate? Should we be thanking Adobe for putting lots of users of a very popular social networking site at risk...? It's almost as bad as putting OK on error message dialogue boxes.

I understand what you are saying, however I think it is appropriate. I don't think anyone would misunderstand what is meant.

vanx said,
While I don't wish to debate semantics of the English language, perhaps a title that thanks something for security flaws isn't that appropriate? Should we be thanking Adobe for putting lots of users of a very popular social networking site at risk...? It's almost as bad as putting OK on error message dialogue boxes.

Thanking someone for something that is obviously bad=sarcasm.

Ned said,
Thanking someone for something that is obviously bad=sarcasm.
Sarcasm is unnecessary when reporting news. If I wanted sarcasm in tech news, I'd go and read The Register.

What are we, cyborgs? I don't care how good you are, as long as someone else is out there looking for something you didn't do, did wrong, did "the old way", etc., no one's software (PC based or Cloud based) will be perfect. The only way we will have "perfect" software is if we let machines program machines... at which point conspiracy people will start crying "skynet".

So, it's Twitter's fault for not heeding security warnings, and Adobe's fault for not fixing the problem in the first place. Adobe should just fix it and be done.

Chrono951 said,
So, it's Twitter's fault for not heeding security warnings, and Adobe's fault for not fixing the problem in the first place. Adobe should just fix it and be done.

It's Twitter's fault to use a product that has a known vulnerability...