Twitter is the most secure site... but don't mention Tweetdeck

12 June 2014

Twitter-Logo1 Website security is a big deal, seeing as we all spend roughly 100% of our time online. Twitter, it turns out, is the toppermost of the poppermost in a a new report which measures how trustworthy sites are.

The Online Trust Alliance - made up of a bunch of boring techie people - released their annual Online Trust Audit and Honour Roll. Basically, sites get ranked by things like consumer protection, privacy, security and all that junk.

They looked at 800 websites and only 29% made their honour roll, but 2014's class swot was Twitter. They won it in 2013 too.

"Twitter is honoured to again receive the top overall award for the highest score on the OTA Honor Roll," Bob Lord, Twitter's director of information security, said in a statement. "It has become increasingly clear over the past year that companies need to be even more vigilant in applying security and encryption technologies like always-on-SSL, forward secrecy, and DMARC in order to protect their users, and we're glad to partner with organizations like the OTA to raise the security and privacy bar."

However, Twitter-owned Tweetdeck was taking the sheen off Twitter's crown thanks to an XSS flaw, which saw a number of potential exploits spreading all over the network.

Yesterday, a large number of Tweetdeck users were dishing out vulnerable scripts with their tweets, which opened up others to attacks.

It took TweetDeck six hours to patch things up, and they even took their service down so they could look at the damage. Users were advised to simply log-out, then log back in again, to fix the problem. Sadly, swathes of Tweeters missed the memo and lo, a widespread infection was on our hands.

These XSS attacks allow swines to take over your account and log in as you.

Maybe 2015 will see the OTA choosing a different website as it's 'most secure'. Either way, you imagine someone at TweetDeck is getting a royal scalding today.

TOPICS:   Social Media   Privacy

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment