Twitter co-founder Biz Stone said in an email that the company had temporarily cut off access to a feature that lets users display Twitter updates on their websites by using Flash technology.
"Our team has disabled the Flash widget while we look into the problem," Stone said.
Mike Bailey, a senior security analyst with Foreground Security of Orlando, Florida, said that the problem exploits a widely known vulnerability in Adobe Systems Inc's Flash programming language.
Adobe has told programmers how to address the vulnerability, which was first discovered in 2006, Bailey added, but noted the operators of many websites have failed to respond to those warnings.
The microblogging site's huge popularity has made it a prime target for hackers looking to spread malicious software to Twitter's millions of users.
"As simple as the attack is, I've been finding them all over the place," Bailey said.
A hacker last month briefly hijacked the Twitter site and redirected it to one that claimed to represent a group calling itself the Iranian Cyber Army. That high-profile attack -- by a perpetrator who stole credentials to the account that Twitter uses to route its traffic -- did not compromise credentials of any Twitter users.
Bailey said his analysis of the Twitter site showed that it could have been vulnerable to attacks for more than a year, but that it was impossible to know whether hackers had actually exploited the Adobe flaw.
He is scheduled to discuss his research on the Twitter flaw at the Black Hat DC security research conference in Washington, which begins on Feb. 2.
Subscribe to our RSS Feed for more Updates. It's FREE!
Subscribe to this comment's feed
- 24/01/2010 00:12 - Firefox 3.6 browser updates
- 11/12/2009 11:42 - Send money from your Facebook Acount through paypal
- 08/12/2009 13:53 - Content panic button for Facebook and MySpace
- 05/12/2009 14:27 - Amazon Launches Textbook Trade-In Program
- 03/12/2009 20:18 - Gmail Gives Users New Default Text Styling Feature
Subscribe Our Feeds
Follow Us