Twitter Fixes XSS Vulnerability

Twitter has announced that it has patched the cross-site scripting (XSS) vulnerability that let JavaScript embedded in a tweet generate further tweets carrying spam links, which redirected users to adult sites and potentially to compromised websites.

Tweets with links containing the string "onmouseover" (an HTML event-handler attribute) ran the attacker's JavaScript as soon as a user hovered the mouse pointer over the link; clicking the link was not required for the code to execute.
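The mechanism described above, as an added example that is not Twitter's code: a naive linkifier that drops a URL into an `href="..."` attribute unescaped, so a double quote inside the URL closes the attribute early and whatever follows (here `onmouseover="alert(1)"`) becomes an attribute of the `<a>` element; beside it, a hardened version that only accepts URLs parsing as http(s), re-serialises them (which percent-encodes the quote) and escapes the result; and a small browser-style attribute scanner used to check whether an event handler reached the markup. The tweet text, the `t.co` path and all function names are constructed for illustration.

```javascript
// Added example (not Twitter's code): unescaped URL in href vs. hardened linkifier.

const URL_PATTERN = /https?:\/\/[^\s<]+/g;

// Vulnerable: the matched URL goes straight into the attribute. A double quote
// inside it closes href="..." early, and browsers then treat what follows as
// further attributes on the <a> element, such as onmouseover=.
function linkifyVulnerable(text) {
  return text.replace(URL_PATTERN, (url) => `<a href="${url}">${url}</a>`);
}

// Minimal escaping for HTML text and double-quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: accept only URLs that parse as http(s), re-serialise them (the WHATWG
// URL parser percent-encodes a quote in the path as %22), then escape the result
// before placing it in both the attribute and the link text.
function linkifyHardened(text) {
  return text.replace(URL_PATTERN, (candidate) => {
    let parsed;
    try {
      parsed = new URL(candidate);
    } catch {
      return escapeHtml(candidate);
    }
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
      return escapeHtml(candidate);
    }
    const safe = escapeHtml(parsed.href);
    return `<a href="${safe}">${safe}</a>`;
  });
}

// Attribute names of the first <a ...> tag, read the lenient way browsers do:
// once a quoted value closes, the next non-space character starts a new
// attribute name even when no whitespace separates them.
function anchorAttributeNames(html) {
  const m = /<a\b([^>]*)>/i.exec(html);
  if (!m) return [];
  const s = m[1];
  const names = [];
  let i = 0;
  while (i < s.length) {
    while (i < s.length && /[\s\/]/.test(s[i])) i++;
    if (i >= s.length) break;
    let name = '';
    while (i < s.length && !/[\s=\/]/.test(s[i])) name += s[i++];
    names.push(name.toLowerCase());
    while (i < s.length && /\s/.test(s[i])) i++;
    if (s[i] === '=') {
      i++;
      while (i < s.length && /\s/.test(s[i])) i++;
      if (s[i] === '"' || s[i] === "'") {
        const q = s[i++];
        while (i < s.length && s[i] !== q) i++;
        i++; // skip the closing quote
      } else {
        while (i < s.length && !/\s/.test(s[i])) i++;
      }
    }
  }
  return names;
}

// True if any attribute on the rendered anchor is an event handler (on*).
function hasEventHandler(html) {
  return anchorAttributeNames(html).some((n) => n.startsWith('on'));
}

// Constructed tweet in the shape the worm used: the quote inside the URL is
// what breaks out of the href attribute in the vulnerable linkifier.
const PAYLOAD_TWEET = 'look http://t.co/@"onmouseover="alert(1)"/ now';

console.log(linkifyVulnerable(PAYLOAD_TWEET), hasEventHandler(linkifyVulnerable(PAYLOAD_TWEET)));
console.log(linkifyHardened(PAYLOAD_TWEET), hasEventHandler(linkifyHardened(PAYLOAD_TWEET)));
```

The scanner is deliberately tolerant rather than strict: a strict check that demands whitespace before each attribute would miss exactly the `@"onmouseover=` pattern, because browsers do not demand that whitespace either. Escaping alone (without the URL re-serialisation) would also stop the attribute break-out; the allow-list on the scheme additionally keeps `javascript:` URLs out of `href`.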

Magnus Holm has been identified as the author of the original attack, which turned the exploit into a self-replicating worm, while Japanese security researcher Masato Kinugawa is credited with originally finding the vulnerability.

At its peak the worm generated around 70 new tweets per second, and more than 200,000 tweets in total. Within hours, however, others with darker motives had turned the proof of concept into a spam-generating machine.

Twitter has confirmed that it identified and patched the XSS vulnerability within two hours of discovering it. During the attack, users were encouraged to use third-party clients such as TweetDeck rather than the main web interface.