PSA: Twitter being ravaged by JavaScript flaw


If you happen to be in your browser looking at twitter.com you may notice that the site is somewhat useless at the moment. Thanks to a JavaScript onMouseOver exploit, a nasty little bug is spreading through the micro-blogging site like wildfire. Simply mousing over a carefully crafted tweet can redirect your browser to a website with malicious code or, in the case of Sarah Brown (wife of the former British Prime Minister), hardcore porn. The exploit only affects twitter.com when viewed in the browser, not third-party clients like TweetDeck, Seesmic, or m.twitter.com. If you’re out there and tweeting, be careful.

UPDATE: Bob Lord, Twitter’s security chief, has put up an official blog post explaining exactly what happened this morning. You can read that article here. 

Read

10 Comments
  • danyay

    You blurred out the username on the page, but not the URL or title bar. Great work!

    • Terry

      I was just about to write this – :)

      • Andrew Munchbach

        If you click the read link you’ll actually see that is Sophos’ image ;)

    • DigitalHomeBoy

      I’m glad someone noticed that!

  • DonnyKerabatsos

    Useless at the moment??? Twitter is always useless.

  • Chuck

    Exactly what I was thinking! Hopefully no bank or credit accounts make headlines on bgr today :)

  • HO

    ….Glad this happened, Twitter has to go deep in doors of hell, that with all the shit that is nothing else than bandwidth mush, seriously the inet should have never been released to some for use…

  • SteveM

    Haaaaahahahaha! That’s awesome. Finally, the world can go a day without having to read that someone is tweeting while pooping or getting ready or any of that worthless crap that the world DOESN’T CARE ABOUT!

    Posted from BGR Mobile (iPhone).

    • SMK

      Um, you never HAVE to read it. I’ve happily ignored twitter for a couple of years now.

      just sayin’

  • Logicknot

    I had one of these manage to make it on my timeline but I was able to delete it without it happening again.

    Only reason I was using twitter.com was because my Seesmic wasn’t working for a little bit today.
