Updated: Twitter fixes security flaw
-
ThE MaStEr
2010-09-22
-
Tuesday, September 21 2010, 17:32 BST
By Mayer Nissim
The main Twitter website was hacked this afternoon via a security flaw.
Users who moved their cursor over blacked-out text automatically Tweeted or Retweeted the same message. Some accounts automatically posted a message in oversized text, making their page and those of their followers unreadable.
In a blog post, Graham Cluley of security firm Sophos reported that the flaw allowed messages and pop-up windows from third parties to open in users' browsers. These pages potentially contain spam or malicious code.
Cluley said: "The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link.
"Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk."
Cluley noted that the Twitter page belonging to Sarah Brown, the wife of former Prime Minister Gordon Brown, had attempted to direct her one million followers to a "hardcore porn site based in Japan".
In a post on its Safety page, Twitter confirmed that it has now fixed the security flaw.
"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit," the social networking website said.
Del Harvey, the leader of Twitter's Trust and Safety team, added: "The XSS attack should now be fully patched and no longer exploitable. Thanks, those reporting it."