
Austrian teen takes down TweetDeck for a few hours


Those kids and their toys. Well, it is more along the lines of kids and business toys. TweetDeck went down today, but not for the reasons that usually take sites down during the course of a day. This wasn’t someone’s evil plot to compromise an app’s security. It turns out that it was done by a 19-year-old Austrian who was wondering “if this will work.”

Early on Wednesday morning, Florian ran a simple test that contained simple tags, as well as a heart symbol. He added a message, ‘I wonder if this will work…’ To his surprise, the commands embedded in the plaintext were executed and came through just fine from TweetDeck to Twitter.

The main source of the issue was that this vulnerability was discovered back in 2011 and seems not to have been securely patched. Florian even reported the vulnerability publicly to @TweetDeck, hoping that someone monitoring their mentions would see it. Users of TweetDeck started seeing warning messages, delivered through its own XSS bug, that the service was no longer secure.

Florian tried some experiments to see how the system would react by using the ‘heart’ symbol on the service. After a few hours, TweetDeck was back up and running, but it asked users to log out of their accounts and log back in for the patch to fully install.

Normally, Twitter would have mangled the plaintext and the tweet would have been distorted or blocked from someone’s feed. However, the fact that it made it through TweetDeck’s security left the service vulnerable to someone sending out malicious content via Twitter. That would be equivalent to being sent a link in an email from someone you know.

Fortunately, this ‘test’ was constructed by a kid who simply stumbled onto some plaintext and decided to see if it would work. TweetDeck managed to patch the vulnerability and is safe for now. The downside for technology-based companies is that when someone finds a vulnerability, they very rarely mention it to the company’s security team. Many times they do bad things before someone else discovers the issue.

