The most recent flaw discovered on Twitter was being exploited to send pop-up messages and links to porn sites and, in some cases, caused users to retweet the links without their knowledge.

Twitter has patched the flaw, but security chief Bob Lord advised, “Users may still see strange retweets in their time lines caused by the exploit. However, we are not aware of any issues related to it that would cause harm to computers or their accounts.” According to Twitter, user information was not compromised, so changing passwords is not necessary.

The code used to spread the worm exploited a cross-site scripting (XSS) vulnerability. The payload was written in JavaScript and automatically directed users to another website when the links were moused over; the links typically looked like a block of color or a random URL. The first of the self-replicating worms appears to have been developed by Magnus Holm, who states, “I simply wanted to exploit the hole without doing any ‘real’ harm.” Holm said his worm had been passed around in at least 200,000 messages.

This flaw comes shortly after Twitter’s recent revamp of the site. Graham Cluley, a researcher at security firm Sophos, warned users to remain on their guard, as other hackers may now attempt to search for new flaws or even find a way around the patch.

About The Author

Leigh Delahanty is a Blast staff writer
