Updated: Twitter fixes security flaw
ThE MaStEr
2010-09-22
Tuesday, September 21 2010, 17:32 BST
By Mayer Nissim
The main Twitter website was hacked this afternoon via a security flaw.
Users who moved their cursor over blacked-out text automatically Tweeted or Retweeted the same message. Some accounts automatically posted a message in oversized text, making their page and those of their followers unreadable.
In a blog post, Graham Cluley of security firm Sophos reported that the flaw allowed messages and pop-up windows from third parties to open in users' browsers. These pages potentially contain spam or malicious code.
Cluley said: "The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link.
"Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk."
Cluley noted that the Twitter page belonging to Sarah Brown, the wife of former Prime Minister Gordon, had attempted to direct her one million followers to a "hardcore porn site based in Japan".
In a post on its Safety page, Twitter confirmed that it has now fixed the security flaw.
"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit," the social networking website said.
Del Harvey, the leader of Twitter's Trust and Safety team, added: "The XSS attack should now be fully patched and no longer exploitable. Thanks, those reporting it."