Brad (theNURSE) Smith, one of our local chapter members, spoke at Defcon 18 on "Weaponizing Lady Gaga". The session showed live demos of how to use psychosonic attack vectors in your next pillage. Brad is known for his calm teaching manner and his cool hair.
Tweetdeck Chrome Extension XSS Vulnerability

Silly me.

I retweeted a funny tweet by @mikkohypponen at F-Secure about some JavaScript that had been put in the X-VirusScan header of an email, and much to my surprise the JavaScript executed.

I tweeted the results of my discovery and Mikko had a hard time believing it, but after a couple of go-arounds and some screenshots I was taken seriously. Mikko notified the guys at Twitter and supposedly they have fixed it, but it is still working in my browser today. Thus I discovered the 140-character, must-retweet-the-message JavaScript XSS vuln in the Tweetdeck extension for Google Chrome ;)

Here is Mikko's blog entry over at F-Secure.

http://www.f-secure.com/weblog/archives/00002167.html

Back to work ;)