I just discovered this affected me and thought I would share with everyone.
As reported by Jim Finkle at Reuters.
*Twitter disables ‘widget’ function
* Researcher had told Twitter passwords could be hacked
* Security flaw related to Adobe Flash
* Twitter co-founder says investigating problem
(Adds comment from Twitter CEO)
By Jim Finkle
BOSTON, Jan 22 (Reuters) – Twitter has temporarily disabled
one of the features on its website after a security researcher
warned of a programming flaw that left the login credentials of
its users vulnerable to hackers.
Twitter co-founder Biz Stone said in an email that the
company had temporarily cut off access to a feature that lets
users display Twitter updates on their websites by using Flash
“Our team has disabled the Flash widget while we look into
the problem,” Stone said.
Mike Bailey, a senior security analyst with Foreground
Security of Orlando, Florida, said that the problem exploits a
widely known vulnerability in Adobe Systems Inc’s (ADBE.O)
Flash programming language.
Adobe has told programmers how to address the
vulnerability, which was first discovered in 2006, Bailey
added, but noted the operators of many websites have failed to
respond to those warnings.
The microblogging site’s huge popularity has made it a
prime target for hackers looking to spread malicious software
to Twitter’s millions of users.
“As simple as the attack is, I’ve been finding them all
over the place,” Bailey said.
Officials with Adobe declined to comment.
Continue to Reuters to learn more