Help Net Security – (International) Tumblr worm proliferated due to XSS flaw. A December 3 worm rampage that left many a Tumblr site "defaced" with a message by Internet troll group GNAA was the result of improper input sanitization. "It appears that the worm took advantage of Tumblr's re-blogging feature, meaning that anyone who was logged into Tumblr would automatically re-blog the infectious post if they visited one of the offending pages," explained a Sophos researcher. Those who were not logged in would be redirected to the standard login page; once they logged in, the offending post would carry on and re-blog itself to their Tumblr. "It shouldn't have been possible for someone to post such malicious JavaScript into a Tumblr post - our assumption is that the attackers managed to skirt around Tumblr's defenses by disguising their code through Base 64 encoding and embedding it in a data URI," concluded the researcher. Tumblr disabled posting for a couple of hours and cleaned up the affected accounts. According to a Twitter post by the company, the issue was resolved.
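The researcher's hypothesis above, a filter that looks for literal script markup while letting a base64 data: URI through, can be shown side by side with a scheme-allowlisting check. This is an added illustration, not code from the article, Sophos or Tumblr; the sample post, the constructed payload and the function names are assumptions.

```python
import base64
import html
import re
from urllib.parse import unquote

# Constructed sample: a harmless script hidden in a base64 data: URI inside an
# iframe src (assumption: post bodies arrive as HTML fragments).
HIDDEN_SCRIPT = b"<script>console.log('would reblog here')</script>"
SAMPLE_DATA_URI = "data:text/html;base64," + base64.b64encode(HIDDEN_SCRIPT).decode()
SAMPLE_POST = f'<p>check this out</p><iframe src="{SAMPLE_DATA_URI}"></iframe>'

URL_ATTR_RE = re.compile(r"""\b(?:src|href)\s*=\s*["']([^"']*)["']""", re.IGNORECASE)
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)


def naive_filter_accepts(post: str) -> bool:
    """Blocklist-style filter: rejects only literal <script> tags and javascript: URLs."""
    if SCRIPT_RE.search(post):
        return False
    urls = URL_ATTR_RE.findall(post)
    return not any(u.strip().lower().startswith("javascript:") for u in urls)


def decode_data_uri(url: str) -> bytes:
    """Return the payload carried by a data: URI (base64 or percent-encoded)."""
    header, _, payload = url.partition(",")
    if header.lower().endswith(";base64"):
        try:
            return base64.b64decode(payload + "==")  # tolerate missing padding
        except ValueError:
            return b""
    return unquote(payload).encode()


def hardened_filter_accepts(post: str, allowed=("http", "https")) -> tuple:
    """Allowlist URL schemes in src/href; decode data: URIs only to explain the rejection."""
    for raw in URL_ATTR_RE.findall(post):
        # Decode entities and strip tab/CR/LF, as browsers do before parsing the scheme.
        url = re.sub(r"[\t\r\n]", "", html.unescape(raw)).strip()
        match = SCHEME_RE.match(url)
        scheme = match.group(1).lower() if match else ""
        if scheme == "" or scheme in allowed:  # relative or allowlisted URL
            continue
        if scheme == "data":
            body = decode_data_uri(url).decode("utf-8", "replace")
            if SCRIPT_RE.search(body):
                return False, "data: URI carries script markup"
        return False, f"scheme {scheme!r} not allowlisted"
    return True, "ok"
```

Running `naive_filter_accepts(SAMPLE_POST)` returns True because nothing in the post literally spells `<script`, while `hardened_filter_accepts(SAMPLE_POST)` rejects it and names the decoded script as the reason.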
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.