The TweetDeck Worm: How it Worked

TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck application and created a worm that affected 82,138 Twitter users and forced them to retweet […]

XSS Vulnerability injected through Google Analytics, executed in iOS’s Gmail application

Roy Castillo, a security researcher from the Philippines, identified a cross-site scripting (XSS) vulnerability in the Gmail application for iOS. The vulnerability was found in the mail attachment feature and needed no user interaction to be triggered. In a post on his blog, Roy Castillo explains how he managed to exploit this vulnerability. After logging […]

National Weather Service Hacked

The National Weather Service has been hacked by the Kosova Hacker’s security group, leading to sensitive server information being leaked. The group managed to hack into the server using a Local File Inclusion (LFI) vulnerability in the weather.gov website. As the name denotes, Local File Inclusion (LFI) is the process of including a file or […]
