Infosecurity.US

URL shortening service bit.ly (used extensively by Twitter micro-blog users) has apparently fallen victim to a serious cross site scripting vulnerability, as noted in the Month of Twitter Bugs. Key amongst the derivative issues with this XSS scenario, is the integration of the bit.ly service in such popular Twitter clients as TweetDeck, and the security related challenges to users of that specific client. More information, including a short snippet and appropriate links, appears after the jump.

From El Reg’s John Leyden, in his original post: “Month Of Twitter Bugs exposes microblogging flaws“

“The Month Of Twitter Bugs has begun with the publication of a flaw in a URL shortening service often used in conjunction with the microblogging service…”
“Four cross-site scripting (XSS) vulnerabilities in the bit.ly URL-shrinking service were published on Wednesday. TweetDeck, one of the most popular Twitter clients, integrates bit.ly, making the flaws much more risky than might otherwise be the case…” “Fortunately, three of the four bugs were fixed before an alert was published. The last flaw was addressed hours after the release of a notice via Twitpwn, the home page of the Month Of Twitter Bugs project…”

• CNN Loves Twitter, But Doesn’t Seem To Always Know How To Use It (techcrunch.com)
• StumbleUpon’s Su.pr URL Shortening Service Is Now In Private Beta (250 Invites) (techcrunch.com)
• Bit.ly’s Grand Plans, And Their Inevitable Clash With Digg: Bitly Now (techcrunch.com)
• The Best URL Shorteners for Twitter (rev2.org)
• In-Depth: Comparing Tweetdeck and Seesmic (centernetworks.com)
• Hacker cracks TinyURL rival, redirects millions of Twitter users (computerworld.com)