
September 22, 2010

Twitter onMouseOver exploit fixed


by Darren Allan

Twitter was hit by a JavaScript exploit yesterday, as we reported at around lunchtime (in our time, it was the middle of the night at the Twitter offices, so there were doubtless some very grumpy techies being roused).

However, the issue has now been fully fixed, Twitter staff have reported on the site’s blog. It took them around four hours to solve the “primary issue”, and a further two hours to tie up minor related problems, so it was all put to bed by yesterday evening.

So it’s now safe to go back to the main Twitter.com site and tweet away without fear of having something malicious occur.

The exploit was known as onMouseOver because all a tweeter had to do was mouse over an infected link on the page; it wasn’t even necessary to click on it to trigger the payload. The JavaScript exploit automatically opened pop-ups or third-party websites relating to spam and pornography, and spread itself by self-posting on the user’s feed.

Apparently the problem was caused by a cross-site scripting (XSS) flaw, which the social networking site had patched last month. However, a recent site update unintentionally undid the patch.
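Because the fix was lost in a later update, the practical lesson is to pin an XSS patch with a regression test. The sketch below is an added example, not Twitter's code: it assumes a generic link renderer (the report does not describe Twitter's actual one), and the function names and sample post are constructed for illustration.

```javascript
// Added illustration: names and sample input are constructed, not Twitter's code.

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": the URL is concatenated into href without encoding, so a double
// quote inside it ends the attribute and the rest is parsed as new attributes.
function linkifyUnsafe(text) {
  return text.replace(/https?:\/\/\S+/g, (u) => '<a href="' + u + '">' + u + '</a>');
}

// "After": every piece of user text is encoded for the context it lands in.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(/https?:\/\/\S+/g)) {
    const url = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index));
    out += '<a href="' + url + '">' + url + '</a>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check: list event-handler attributes that exist as real
// attributes in the rendered markup (text inside quoted values is ignored).
function injectedHandlers(html) {
  const found = [];
  for (const tag of html.match(/<[a-zA-Z][^>]*>/g) || []) {
    const bare = tag.replace(/"[^"]*"|'[^']*'/g, '""');
    for (const m of bare.matchAll(/[\s"'\/](on[a-z]+)\s*=/gi)) {
      found.push(m[1].toLowerCase());
    }
  }
  return found;
}

// Constructed sample post: a URL carrying a quote and a harmless handler.
const SAMPLE = 'look http://example.test/a"onmouseover="void(0)"/ now';
console.log('unsafe:', injectedHandlers(linkifyUnsafe(SAMPLE)));
console.log('safe:  ', injectedHandlers(linkifySafe(SAMPLE)));
```

Run in a build pipeline against the real renderer, a check like `injectedHandlers` fails the build if an update reintroduces unencoded output.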

Twitter posted on its blog: “This exploit affected Twitter.com and did not impact our mobile web site or our mobile applications. The vast majority of exploits related to this incident fell under the prank or promotional categories.”

“Users may still see strange retweets in their timelines caused by the exploit. However, we are not aware of any issues related to it that would cause harm to computers or their accounts. And, there is no need to change passwords because user account information was not compromised through this exploit.”
