Tuesday, September 21, 2010

#Onmouseover Security Flaw on @Twitter


 Update:

Twitter says it has fixed this issue. In a status, Twitter wrote: We’ve identified and The exploit is fully patched.

The microblogging site Twitter is being widely exploited by users who have stumbled across a flaw that allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link.

Sophos Blog wrote, “Some users are also seemingly deliberately exploiting the loophole to create tweets that contain blocks of colour (known as "rainbow tweets"). Because these messages can hide their true content they might prove too hard for some users to resist clicking on them”.

We have seen a number of streams on Twitter that are being widely exploited by users. Whenever you trigger the onmouseover, the tweet is posted automatically. People are unknowingly posting such tweets. Thousands of Twitter accounts have posted messages exploiting the flaw.

Twitter should urgently shut down this loophole by disallowing users from posting the onMouseOver JavaScript code, and protect users whose browsing may be at risk.
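What "disallowing the onMouseOver code" looks like on the rendering side, as an added example that is not Twitter's code: a link-rendering function that pastes tweet text into an attribute unescaped, next to a version that escapes it. The function names, the regex and the sample tweet are constructed, and the assumption (not spelled out in this post) is that the tweet text reached the link markup without escaping.

```javascript
// Constructed sample: a "URL" that carries a double quote and an event handler.
const SAMPLE_TWEET = 'look http://example.test/@"onmouseover="alert(1)"/ now';

// Simplified URL matcher (assumption; real linkifiers are more involved).
const URL_RE = /https?:\/\/[^\s<>]+/g;

// Escape the characters that matter in HTML text and in quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Weak: the matched text goes into href="..." as-is, so a double quote in the
// "URL" closes the attribute and whatever follows is parsed as new attributes.
function linkifyUnsafe(tweet) {
  return tweet.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: escape both the surrounding text and the URL before building markup.
function linkifySafe(tweet) {
  let out = "";
  let last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    out += escapeHtml(tweet.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += `<a href="${url}" rel="nofollow noopener">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Rough check for the demo: is there an on*= attribute inside any opening tag?
function hasEventHandlerAttr(html) {
  return /<[a-z][^>]*["'\s]on[a-z]+\s*=/i.test(html);
}

console.log("unsafe:", linkifyUnsafe(SAMPLE_TWEET));
console.log("  handler attribute present:", hasEventHandlerAttr(linkifyUnsafe(SAMPLE_TWEET)));
console.log("safe:  ", linkifySafe(SAMPLE_TWEET));
console.log("  handler attribute present:", hasEventHandlerAttr(linkifySafe(SAMPLE_TWEET)));
```

Escaping at output time is what makes the difference here; filtering the word "onmouseover" out of tweets would leave every other event attribute open.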

How to get rid of it?

Please don’t click or hover on such links on Twitter until it is fixed. Also, use an application rather than the web interface until it is solved.

via: Sophos Blog
