[Infowarrior] - Twitter Rolls Out Fix for Security Flaw

Richard Forno rforno at infowarrior.org
Tue Sep 21 09:19:06 CDT 2010


Twitter Rolls Out Fix for Security Flaw

Reported hack exploited thousands of accounts

By LAUREN BERTOLINI

Updated 7:11 AM PDT, Tue, Sep 21, 2010

http://www.nbcbayarea.com/news/tech/Twitter-Security-Flaw-Widely-Exploited-103431764.html

Twitter has patched a security flaw that allowed thousands of accounts to be exploited, sending automated Tweets and redirecting users to websites without their consent.

The hack, which only affected the Twitter.com interface, allowed users to insert a piece of JavaScript code into a URL, creating pop-up windows when users hovered their mouse over a link. In effect, users "clicked" and shared a link whenever they hovered over it.

The issue was first addressed by Sophos, a company that makes web security software, in a blog post early this morning after a number of high-profile Twitter accounts were affected by the bug. The site points out that initially it had been used only for "fun and games," redirecting users to porn sites rather than exposing users to malware.

Among the high-profile victims is Press Secretary Robert Gibbs. After an auto-tweet appeared on his account, Gibbs posted, "My Twitter went haywire - absolutely no clue why it sent that message or even what it is...paging the tech guys..."

Tech bloggers like Caroline McCarthy over at CNET and the folks at Mashable suggest avoiding Twitter.com and using a third-party Twitter app for the time being until the issue has been resolved. The folks at TechCrunch also have a handy guide for avoiding and fixing the bug.

First Published: Sep 21, 2010 6:32 AM PDT on NBC Los Angeles
 
 