URL Shortening XSS Vulnerability Reported

URL shortening service bit.ly (used extensively by Twitter micro-blog users) has apparently fallen victim to a serious cross-site scripting (XSS) vulnerability, as noted in the Month of Twitter Bugs. Key among the derivative issues with this XSS scenario is the integration of the bit.ly service in such popular Twitter clients as TweetDeck, and the security-related challenges this poses to users of that specific client. More information, including a short snippet and appropriate links, appears after the jump.
From El Reg’s John Leyden, in his original post: “Month Of Twitter Bugs exposes microblogging flaws”

“Twitpwn, the home page of the Month Of Twitter Bugs project…”






Jul 7th, 2009 at 16:23
RT @tweetmeme URL Shortening XSS Vulnerability Reported in bit.ly: http://cli.gs/PnvUB