ALERT: Twitter security flaw

Not sure if this is the right place, but probably the best outlet to gain the attention of the ATS audience. There is a _javascript flaw on twitter.com - mouseover script that posts spam and forcefully direct members to harmful sites. Without your permission.

Stay off twitter.com, use TweetDeck (non-browser apps are fine)

reply to post by infinite


have any proof, it could be your computer.

reply to post by MR BOB


Err...
It's on the news.

reply to post by infinite


I just heard this on the radio, I'm glad you posted this.
Thanks

Twitter hacked, sending users to third-party sites
Social networking site says that they've found the attack and patched it

www.msnbc.msn.com...

The hack of Twitter.com is extra nefarious because the tweets activate without being clicked on — it's enough for Web surfers to move their mouse cursors over them.

Twitter counters mouseover security flaw

This particular hack of Twitter.com was especially crafty, as it was enough for Web surfers to move their mouse cursors over links to activate the links, which sent them to spammers destinations, such as the one million followers of a former British prime minister, who found themselves inexplicably at a hardcore porn site based in Japan.
As of this morning at about 9:45 a.m. EDT, Twitter had "identified and are patching a XSS attack."
They cautioned: "please message @safety if you have info regarding such an exploit. We expect the patch to be fully rolled out shortly and will update again when it is."

That was the really scary twist to this, no clicking was necessary to make your Twitter life go kablooey. The Wall Street Journal explained it this way, "The hack works using a JavaScript code known as '.,' which allows webpages to do things when a user simply mouses over something rather than clicking."

While hardcore porn is not the most pleasant thing to be forcibly directed to, it could be worse.

technolog.msnbc.msn.com...

reply to post by infinite


err, well it's common decency to post a scource instead of letting us guess if it's true.

How am i meant to know that it is in the news?

Originally posted by MR BOB
reply to post by infinite

 

err, well it's common decency to post a scource instead of letting us guess if it's true.

How am i meant to know that it is in the news?

edit on 21-9-2010 by MR BOB because: (no reason given)

Ok, I can't let this thread die without explaining something. Yesterday morning this was announced before a source could be located on the internet MSM's or maybe it wasn't "out there" yet, but for the moment, there was two sources. First, the copy/paste posted by the OP and after reading your first reply I post stating I heard this warning on the radio (second source for the moment). The announcer on the radio specifically said and I quote "Get off of twitter!", he repeated this three times and he sounded quite serious.
Once I found a source and seeing the OP wasn't online, I posted a source, on behalf of the OP's warning to show it was true.

The quicker others are warned, the better.

I checked back to this thread to see if there was more information added, I saw the OP was online.
Think about it MR. BOB, maybe the OP saw sources were added so there was no reason to add more. If I was the OP, I wouldn't feel any need to add anything more since this was just an ALERT to others and the problem was identified and taken care of, not to mention some quacky female posted multiple times when she should have thought to use the edit button when adding additional information

So I said all that to say the OP must have felt a concern, just as I did. He/she using what source was available at the moment. Additional information was added before your last post. Omitting this post, the above information posted should have been enough without you're questioning the "decency" of the OP, imo, for the simple fact sources were added and the problem was explained.
The only reason why I'm replying to you on this is because the thread was ended with someone being insulted. While sources are necessary, warnings and emergencies might need to get out there asap. In this case, with it being a computer issue and how we are so attached to our computers, lol, time was of the essence.
My good intentions to warn others only ended with good intentions, it was the OP who took the action.
Now if the thread dies, I feel better
Thanks
sl

As a heads up until this is all fixed. It's recommended to use mobile.twitter.com in the mean time.