Revealing Hack on Twitter Today

According to a FOX News article, the social media site Twitter was exploited by a security flaw. The hack used the Javascript onMouseOver to activate pop-ups, retweet malicious code, and redirect unsuspecting users to other sites, including hardcore porn sites…

According to security analysis firm Sophos, simply running your mouse over certain tweets could activate pop-ups, send you messages, or even redirect you to another site.

And a number of Twitter accounts were redirecting users to hardcore pornography sites — including the feed of Sarah Brown, wife of former British Prime Minister Gordon Brown.

By 10 AM this morning, Twitter released a statement claiming “all clear” that Twitter “should now be fully patched and is no longer exploitable“. But some security experts say that with sheer volume of infected messages involved, even though it was patched, there may be some issues.

Also, some users are using to flaw to mask their user ID’s:

“It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code.

Some users are also seemingly deliberately exploiting the loophole to create tweets that contain blocks of color (known as “rainbow tweets”). Because these messages can hide their true content they might prove too hard for some users to resist clicking on them.”

According to the article, third party Twitter apps were not affected, because they do not use the same script. The article also recommends people avoid using Twitter for a while.

It is a shame that people would do something like this. I really makes you think twice about letting your kids use the internet, when they could be talking to their friends one minute but then re-directed to a very questionable site the next.

~ by D. Dieterle on September 21, 2010.

One Response to “Revealing Hack on Twitter Today”

  1. Revealing Hack on Twitter Today « CYBER ARMS ? Computer Security…

    I found your entry interesting do I’ve added a Trackback to it on my weblog :)…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: