Twitter hit by security exploit

21 Sep 2010

UPDATE 21/09/10, 15:20 BST: Twitter's head of Trust and Safety has said that the mouse-over exploit that caused havoc on the micro-blogging site earlier today has now been patched.

For more details, read our latest article here.

-----------

UPDATE 21/09/10, 13:25 BST: The recently discovered security exploit has been reported as prompting the outbreak of a worm that can infect users' PCs, replicating itself and sending out more infected tweets.

Twitter users accessing the site via the service's own web interface are advised not to roll their mouse over any tweet containing dotted link underlines, or with its characters blocked out in black or other coloured bars.

So far, Android, iOS and third-party Twitter clients are reported to be unaffected, but extreme caution is urged.

Twitter has so far given no indication as to how - or when - it will fix the security hole.

-----------

Users of micro-blogging site Twitter are being targeted by pranksters exploiting a security flaw that enables pop-up messages to appear, or third-party web sites to open in the user's browser, when the user moves their mouse over a link.

Thousands of messages taking advantage of the flaw have already been reported.

The flaw will be a major embarrassment for Twitter, which last week launched its 'New Twitter' interface to great fanfare. That interface uses the automatic pop-up feature to display video and other content from within the main Twitter window.

So far the exploit appears only to have been used for fun, but security expert Graham Cluley of Sophos warned on his blog that the exploit could soon be used by criminals to direct users to websites containing malicious code.

The exploit takes advantage of the JavaScript onMouseOver event handler on Twitter's website, and has also been used to create tweets that contain blocks of colour, already nicknamed 'rainbow tweets'.

Users are advised to exercise caution over tweets from users that they don't know.
