Twitter Totally Freaks Out - Java Onmouseover Exploit Blamed
September 21, 2010
Thomas Mennecke
Morning coffee, check. Morning RSS updates, check. Facebook updates, check. Twitter - holy friggin hell, what happened? It seems that Twitter is suffering from a serious and crippling security flaw. The flaw has rendered the official Twitter website virtually unusable. Third-party Twitter applications appear to be operating without any issue.

The security flaw is manifesting itself in many different ways. TechCrunch has posted an image showing Java code injected into a Tweet. In our experience, merely mousing over any part of Twitter automatically posted bogus Tweets. This has caused a surge in bogus Tweets that could lead the end user to a malicious third-party website.

Just about anyone's account appears susceptible. On the Sophos security blog, more images of the exploit are posted, including giant block letters that consume an entire screen.

"Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk.

Some users are also seemingly deliberately exploiting the loophole to create tweets that contain blocks of colour (known as "rainbow tweets"). Because these messages can hide their true content they might prove too hard for some users to resist clicking on them."
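The injected-Tweet behaviour described above and the loophole Sophos wants closed come down to one rendering bug: untrusted Tweet text reaching an HTML attribute unencoded. The following is an added example, not code from Slyck, Twitter or Sophos. It models the bug as a URL autolinker that drops the matched URL straight into `href="..."` (that shape is an assumption; the page does not state Twitter's exact cause), shows the hardened form that HTML-encodes every untrusted fragment at the point it enters markup (output encoding rather than filtering the word "onMouseOver", which is the fix a practitioner would choose), and adds a check that lists which attributes a browser would actually see on the rendered link. The sample Tweet is constructed for the demonstration.

```javascript
// Added example (not Slyck's, Twitter's or Sophos's code). Models a tweet
// renderer that auto-links URLs; the unsafe version interpolates raw text into
// an attribute, so a double quote inside the "URL" closes href="..." and
// whatever follows becomes extra attributes such as onmouseover. The hardened
// version encodes each untrusted fragment as it enters HTML. The autolinker
// shape is an assumption; the article does not state Twitter's actual cause.

const URL_RE = /https?:\/\/\S+/g;

// Encode the characters that can terminate HTML text or a quoted attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the matched URL is interpolated verbatim into the tag.
function renderTweetUnsafe(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: surrounding text and URL are both HTML-encoded, so an encoded
// quote (&quot;) can no longer end the href attribute.
function renderTweetSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const enc = escapeHtml(m[0]);
    out += `<a href="${enc}">${enc}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Defender's check: the attribute names a browser would see on the first <a>
// tag of the rendered markup. A correct renderer only ever emits "href".
function anchorAttributeNames(html) {
  const tag = html.match(/<a\s([^>]*)>/);
  if (!tag) return [];
  return [...tag[1].matchAll(/([a-zA-Z-]+)="[^"]*"/g)].map((m) => m[1]);
}

// Constructed sample tweet (not a real one): a quote inside the URL followed
// by a mouseover handler, the shape of payload the article describes.
const SAMPLE_TWEET = 'look at this http://example.invalid/"onmouseover="alert(1)';

console.log(anchorAttributeNames(renderTweetUnsafe(SAMPLE_TWEET))); // [ 'href', 'onmouseover' ]
console.log(anchorAttributeNames(renderTweetSafe(SAMPLE_TWEET)));   // [ 'href' ]
```

The check is what makes the difference visible without a browser: the unsafe renderer yields a link carrying a second, attacker-chosen attribute, while the hardened renderer yields a link whose only attribute is `href`, with the quote and handler text surviving harmlessly inside the encoded value. Blocking the literal string "onMouseOver" at post time would leave every other event handler and encoding trick untouched; encoding at the output boundary closes the whole class.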

At last check, Slyck's Twitter page was just as unusable as everyone else's. The page appears grayed out and nothing works. We also noticed the strange "Matsta" post (highlighted in the red box) that is heavily trending. We hope to report that Twitter has this worked out soon. Since the threat level of this attack is currently unknown, it's best to stay away from the official Twitter website and use a third-party program like TweetDeck until further notice.

Edit: It seems that "Masta" is the originator of this exploit. Using any third-party application or Twitter mobile to block this user should prevent any trouble; however, it seems that Twitter has patched the security hole and things are working normally.
