Twitter hacks simple XSS attacks, says security firm

Twitter's vulnerability to basic cross-site scripting attacks highlights the need for organisations to review website coding, according to security firm Fortify Software.

A teenage hacker hit Twitter four times over the Easter weekend with worms that directed users to his own microblogging website.

Around 10,000 posts were deleted to prevent the worm spreading and Twitter has said it will consider legal action against the 17-year-old hacker.

The attacks are simply a case of a hacker exploiting vulnerabilities in the way websites are coded, said Barmak Meftah of Fortify Software.

Code exploitation is now high enough on the hacker agenda to warrant code auditing in the software planning and development process, Meftah said.

According to Meftah, a common problem is that developers typically write code with minimal auditing and few security checks.

"This is a classic example of how poor coding enables cracking situations that should never have been allowed to happen in the first place," he said.
