- My local #Lidl is doing 1.2kg blocks of prosciutto crudo for £9.99/kg vacuum-packed. #THIS is why I have a meatslicer at home. #
- If you're into women's <del>porn</del> #erotica my writer-friend #JanineAshbless has a new eBook out today http://t.co/trN7OVd1 #plug #
- Wow <em>Web TweetDeck</em> seems <tt>to honour</tt> in-tweet HTML that goes <strong>Facebook</strong> and back? #xss #maybe ? #
- @Jono_Warren Yes but are they 0wnable? #
- <iMg Src=http://placekitten.com.s3.amazonaws.com/homepage-samples/200/138.jpg> #
- New: Faint possibility of #XSS in Web #Tweetdeck client via #Facebook #security http://t.co/ejo2AVaZ #
- @bensummers I have christmas shopping to do; busing kittens takes less time. #
- @bensummers ps: I think the phrase is "i am disappoint"; this would be proper for those who have completely the modern grammer. #
- <iMg Src=http://localhost/nope.gif onerror='javascript:alert("happy now ben?")'> #
- New: Confirmed: #XSS in #Tweetdeck reading #Facebook feeds to Web client http://t.co/SYFvjnyM #
- @charlesarthur Remember this? http://t.co/Ur8RIuac – well now there's this: http://t.co/cmbYp1Fe #
- #TweetDeck #Web Client Workaround: Don't use it. Use something else until it's fixed. Like the main Twitter .com site, perhaps? #
- Hat tip to @glynwintle for getting me to actually test this and post the writeup. #
- Bug logged at Twitter; Subject: #4402784 Twitter Support: update on "Tweetdeck Web has an XSS … with updates that come in from Facebook." #
- @timcaynes @glynwintle Yep. @bensummers wanted proof. http://t.co/VRW248Zc #
- Wooo and watch the traffic spike. Maybe I should advertise on my blog. Or maybe not. All this because of a geek joke on a porn tweet… #
- @runasand Oh I've done it before – mention the p-word and life gets briefly interesting on the follower front, but it fades… #
- Taking my own advice have unlinked Facebook from Tweetdeck; anyone wanting to remote-control my browser will now have to find another way. #
- @JamesFirth Well if it's private then that's news to me. I just logged in with my TD account and started using it a few days ago. #
- New: "Merry Christmas – it's another Twitter XSS bug!" http://t.co/xsxfn41H : #Security @ComputerworldUK #
- @JamesFirth As per previous answer. #
- @JamesFirth To clarify, I just went to https://t.co/UMoCn2Nw and hit the yellow button. #
- TEDxKoeln – Adriana Lukas: Balanced Asymmetry of Networks or How to avoid Hierarchies – YouTube http://t.co/IBrr433P # HT @adriana872 #
- Welcome @boblord of the Twitter security team, who is now following me. #
- @biosshadow If you're talking about the #Tweetdeck #XSS from http://t.co/lRqDgEvF – I logged it as support issue #4402784 (FAO @boblord) #
- @biosshadow Agreed. #
- @boblord Cool! Incidentally I clicked the XSS button but I ended up in a different, more verbose box-filling dialogue than the one u cited? #
- @boblord I'm confused since the dialogue under https://t.co/M1V6JiLI took me to https://t.co/A1JFHh8d when I did it, as opposed the nice one #
- One for the Java coders: http://t.co/1ndPlzbA #
- #Twitter fixes #Tweetdeck #XSS bug – was re: http://t.co/lRqDgEvF # well done folks, now please don't do it again 🙂 #
- <ImG SrC=http://localhost/nope.gif onerror='javascript:alert("and this should now be OK")'> #
- @biosshadow bugs-per-capita-user it's not too bad. 🙂 #
- @biosshadow Dear oh dear. #
- @biosshadow I saw my first Buffer Overflow back in '88 and they're still around; the Web's not as old as that. Expect decades more of XSS. #
- TIL that PAT-Testing of office appliances is not actually a legal requirement http://t.co/1KPcrXPT http://t.co/nEmgX5pQ #
- @davoloid Mmm. I hear that said about ISO 27001 also. #