When Twitter received the honor from the Online Trust Alliance, they were quick to point out the many features designed to make Twitter a safe place to play.
“Twitter is honored to again receive the top overall award for the highest score on the OTA Honor Roll. It has become increasingly clear over the past year that companies need to be even more vigilant in applying security and encryption technologies like always-on SSL, forward secrecy, and DMARC in order to protect their users, and we're glad to partner with organizations like the OTA to raise the security and privacy bar.”
So we have to wonder how a flaw that was reported to them could be exploited so quickly before they were able to stop it. Additionally, XSS attacks are nothing new; they are an old and sadly common method for breaking into and compromising web applications. There are well-known defenses that can (and should) be employed against XSS, such as validating untrusted input and encoding output for the context in which it is rendered. The fact that someone was able to find such a flaw in TweetDeck while simply looking for a way to use an emoticon calls Twitter’s security honors into question, and we have to wonder whether the OTA’s stamp of approval really means that much.
Either way, Twitter did end up pulling TweetDeck offline in order to stop the self-propagating retweets and fix the issue. Once they felt they had everything under control, they tweeted that it was safe to come out and play once more. This incident just goes to show that even the most secure sites are still vulnerable.
Tell us your thoughts