Twitter Totally Freaks Out - Java Onmouseover Exploit Blamed
September 21, 2010
Morning coffee, check. Morning RSS updates, check. Facebook updates, check. Twitter - holy friggin hell what happened? It seems that Twitter is suffering from a serious and crippling security flaw. The extent of the flaw has rendered the official Twitter website virtually unusable. Third party Twitter platforms appear to be operating without any issue.
The security flaw is manifesting itself in many different ways. TechCrunch has posted an image showing Java code injected into a Tweet. From our experience, mousing over any part of Twitter automatically posted bogus Tweets. This has caused a surge in bogus Tweets that could lead the end user to a malicious third-party website.
Just about anyone's account appears susceptible. On the security blog Sophos, more images of the exploit are posted - which include giant block letters that consume an entire screen.
"Some users are also seemingly deliberately exploiting the loophole to create tweets that contain blocks of colour (known as "rainbow tweets"). Because these messages can hide their true content they might prove too hard for some users to resist clicking on them."
At last check, Slyck's Twitter page was just as unusable as everyone else's. The page appears grayed out and nothing works. We also noticed the strange "Matsta" post (highlighted in the red box) that is heavily trending. We hope to report that Twitter has this worked out soon. Since the threat level of this attack is currently unknown, it's best to stay away from the official Twitter and use a third-party program like TweetDeck until further notice.
Update: It seems that "Matsta" is the originator of this exploit. Using any third-party application or Twitter mobile to block this user should prevent any trouble; however, it seems that Twitter has patched the security hole and things are working normally.