Updated: Twitter fixes security flaw
ThE MaStEr
2010-09-22
Tuesday, September 21 2010, 17:32 BST
By Mayer Nissim,
The main Twitter website was hacked this afternoon via a security flaw.
Users who moved their cursor over blacked-out text automatically Tweeted or Retweeted the same message. Some accounts automatically posted a message in oversized text, making their page and those of their followers unreadable.
In a blog post, Graham Cluley of security firm Sophos reported that the flaw allowed messages and pop-up windows from third parties to open in users' browsers. These pages potentially contain spam or malicious code.
Cluley said: "The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link.
"Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk."
Cluley noted that the Twitter page belonging to Sarah Brown, the wife of former Prime Minister Gordon, had attempted to direct her one million followers to a "hardcore porn site based in Japan".
In a post on its Safety page, Twitter confirmed that it has now fixed the security flaw.
"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit," the social networking website said.
Del Harvey, the leader of Twitter's Trust and Safety team, added: "The XSS attack should now be fully patched and no longer exploitable. Thanks, those reporting it."