A new way to cause mischief quickly spread through short-messaging service Twitter Tuesday morning before the site could fix the problem, as mysterious “tweets” of blocked-out text propagated themselves and caused popup windows to open.
Shortly before 10 a.m., Twitter said on its “safety” feed on the site that the attack has been “fully patched” and no longer works.
The hack had been extra nefarious because the tweets activated without being clicked on – it was enough for Web surfers to move their mouse cursors over them. But it only affected visitors to Twitter.com. Various third-party programs used to send and read tweets were unaffected. The popups could contain malicious code that could take over poorly protected computers.
Security breaches had been common in Twitter’s early days, but the company has since worked to beef up its security and the problems have become less common.
Twitter representatives did not immediately return an e-mail seeking comment Tuesday morning.
Have you checked out YWN Radio yet? Click HERE to listen!
(Source: Boston Globe)
2 Responses
Cnet.com’s Caroline McCarthy says that twitter has identified the bug and is working on a patch.
@caro – “.Twitter reps says they have “identified and are patching a XSS attack” re: mouseover issue and that it should be solved shortly. #cnet “
Confirmed, the bug was fixed.
http://threatpost.com/en_us/blogs/twitter-closes-web-hole-after-attack-hits-500000-092110