Pictures

U.S. Army Captain Michael Kelvington, commander of the Battle company, 1-508 Parachute Infantry battalion, 4th Brigade Combat Team, 82nd Airborne Division, bows next to remains of Gulam Dostager, a member of Afghan Local Police who was killed in the blast of an Improvised Explosive Device (IED) during the joint Tor Janda (Black Flag in Pashtu) operation, in Zahri district of Kandahar province, southern Afghanistan May 25, 2012. REUTERS/Shamil Zhumatov (AFGHANISTAN - Tags: MILITARY CIVIL UNREST CONFLICT TPX IMAGES OF THE DAY)

Reuters Photojournalism

Our day's top images, in-depth photo essays and offbeat slices of life. See the best of Reuters photography.  See more | Photo caption 

Members of the U.S. Navy Blue Angels fly over the World Trade Center in lower Manhattan as part of the 25th annual Fleet Week celebration in New York, May 23, 2012. REUTERS/Eduardo Munoz (UNITED STATES - Tags: MILITARY ANNIVERSARY TPX IMAGES OF THE DAY)

Fleet Week

The U.S. Navy takes Manhattan for a week.  Slideshow 

Photo

The SpaceX mission

A privately owned unmanned rocket blasts off on a mission to be the first commercial flight to the International Space Station.  Slideshow 

Twitter cuts feature on site over security flaw

Related Topics

By Jim Finkle

BOSTON | Fri Jan 22, 2010 5:25pm EST

BOSTON (Reuters) - Twitter has temporarily disabled one of the features on its website after a security researcher warned of a programing flaw that left the login credentials of its users vulnerable to hackers.

Twitter co-founder Biz Stone said in an email that the company had temporarily cut off access to a feature that lets users display Twitter updates on their websites by using Flash technology.

"Our team has disabled the Flash widget while we look into the problem," Stone said.

Mike Bailey, a senior security analyst with Foreground Security of Orlando, Florida, said that the problem exploits a widely known vulnerability in Adobe Systems Inc's Flash programing language.

Adobe has told programmers how to address the vulnerability, which was first discovered in 2006, Bailey added, but noted the operators of many websites have failed to respond to those warnings.

The microblogging site's huge popularity has made it a prime target for hackers looking to spread malicious software to Twitter's millions of users.

"As simple as the attack is, I've been finding them all over the place," Bailey said.

Officials with Adobe declined to comment.

A hacker last month briefly hijacked the Twitter site and redirected it to one that claimed to represent a group calling itself the Iranian Cyber Army. That high-profile attack -- by a perpetrator who stole credentials to the account that Twitter uses to route its traffic -- did not compromise credentials of any Twitter users.

Bailey said his analysis of the Twitter site showed that it could have been vulnerable to attacks for more than a year, but that it was impossible to know whether hackers had actually exploited the Adobe flaw.

He is scheduled to discuss his research on the Twitter flaw at the Black Hat DC security research conference in Washington, which begins on February 2.

(Reporting by Jim Finkle; Editing by Derek Caney and Matthew Lewis)
Tech

Related Quotes and News

Company
Price
Related News
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.