If you’ve been using the Flash-based Twitter widget on your blog or web site, you might have noticed that it isn’t working. That’s because Twitter has disabled this widget due to security concerns. The problem lies in a vulnerability that was discovered in the widget. According to the people at Twitter, a security analyst raised the red flag about it. Apparently, the vulnerability can let hackers find out a user’s login details.
Twitter was quick to respond to this issue and promptly disabled the widget. Gaj-It tells us more:
“We’ve been notified about a vulnerability in our Flash widget and out of an abundance of caution we’ve disabled access as we assess the situation,” Twitter’s staff said in a status update.
Despite this action, the configuration error reportedly stems from a basic programming mistake back in 2006. Mike Bailey, a senior security analyst with US-based company Foreground Security, said that the problem exploits a widely known vulnerability in the Adobe Systems Flash programming language.
Bailey emphasizes, however, that the problem is not Adobe’s fault. He says that it is actually the programmers who make the mistake and that Adobe has already issued guidelines on how to avoid this flaw when creating Flash programs. Indeed, he says that there are a lot of other widgets with the same vulnerability – thanks to “bad programming.” That is, the programmers do not follow Adobe’s recommendations, which exposes widget users to the risk of having their login details hacked.