Yesterday’s Twitter issues – self-replicating worm code that ran when users simply hovered over a tweet carrying malicious code – highlighted the potential frailties of such a widespread online tool and the worldwide disruption that could be caused by the slightest security breach.
Yet as a posting yesterday on the official Twitter blog suggests, the whole issue was a result of Twitter accidentally reintroducing a flaw it had fixed last month. “We discovered and patched this issue last month,” admits Twitter in the blog, “However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.”
So it seems human error may have seen a wrong update uploaded or an out-of-date template used. The issue was fixed within seven hours – probably showing the benefits of keeping back-up copies ready – but not before millions of Twitter users had been exposed to potentially malicious code. Thankfully, Twitter also reports: “We are not aware of any issues related to it that would cause harm to computers or their accounts. And, there is no need to change passwords because user account information was not compromised through this exploit.”
So what can we learn from the whole affair?
The importance of code auditing when applying patches. Upgrading and improving sites is essential for any organisation, but so is proper QA testing and checking, and that includes minor scripting updates and patches. Check, check again and check again seems to be a good policy. The problem with the modern internet is that things move so fast that even a minor issue can become a massive one within minutes. Another set of eyes always helps, but if you don’t have a colleague to rely on, just make sure you check your own work thoroughly before going live.
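One practical way to make that “check again” stick is to keep a regression test for every security fix, so a later site update that quietly drops the fix fails the build instead of reaching users. The Python below is an added illustration of that idea, not Twitter’s code or anything from its blog post: the function names, the escaped-link template and the test input are all made up for the example. It renders a link with proper attribute escaping, keeps an unescaped “before” version alongside it purely so the test has something to catch, and uses a small parser to confirm that untrusted text cannot smuggle an extra attribute (such as a mouse-over event handler) into the anchor tag.

```python
import html
from html.parser import HTMLParser

def render_link(url: str, label: str) -> str:
    """Hardened renderer: every untrusted value is escaped for the context it lands in.
    quote=True turns " and ' into entities, so the value cannot close the href attribute."""
    return '<a href="{}">{}</a>'.format(html.escape(url, quote=True), html.escape(label))

def render_link_unsafe(url: str, label: str) -> str:
    """The kind of 'before' code a regression test must keep out: the attribute value
    is dropped into the template untouched. Present only so the test has a failing case."""
    return '<a href="{}">{}</a>'.format(url, html.escape(label))

# Constructed regression input (not a real URL): a quote that tries to end the href
# attribute, followed by an event-handler attribute name.
BREAKOUT_INPUT = 'http://example.invalid/?q=" onmouseover="x'

class _AnchorAttributes(HTMLParser):
    """Collects the attribute names the browser would actually see on <a> tags."""
    def __init__(self) -> None:
        super().__init__()
        self.names: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.names.extend(name for name, _ in attrs)

def unexpected_attributes(rendered: str, allowed=("href",)) -> list[str]:
    """Return attribute names on the anchor that the template never intended to emit."""
    parser = _AnchorAttributes()
    parser.feed(rendered)
    return sorted(set(parser.names) - set(allowed))

def regression_passes(renderer) -> bool:
    """The regression check itself: the known breakout input must yield only href."""
    return unexpected_attributes(renderer(BREAKOUT_INPUT, "label")) == []

if __name__ == "__main__":
    for name, fn in (("render_link", render_link), ("render_link_unsafe", render_link_unsafe)):
        print(name, "PASS" if regression_passes(fn) else "FAIL", unexpected_attributes(fn(BREAKOUT_INPUT, "label")))
```

The point of parsing the output rather than searching it for a string is that a naive substring check would flag the correctly escaped output too (the escaped text still contains the word “onmouseover”); asking “which attributes does the browser see?” is the question that distinguishes the fixed code from the regressed code. Wire `regression_passes(render_link)` into the test suite that runs before every deployment and the flaw cannot be reintroduced silently.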
What are your thoughts on the problems Twitter experienced?