Twitter has been hacked — just for the fun of it/
The site was overrun on Tuesday morning with posts discussing a programming flaw that pranks users, spread worms, and sends porn to unsuspecting Tweeters.
According to experts, the problem was limited to a JavaScript command in the old Twitter web interface, which is gradually being phased out.
The New York Times reported that one offending post included an “onmouseover” command that caused messages to pop up and sites to open automatically when a pointer hovered over it.
The script caused some users to forward the offending links to their followers — similar to the many Facebook worms that have been found over the past few years.
Twitter hasn’t issued a statement yet, but posted a status page message saying: "We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit." At 9:50 Eastern time Twitter said it had fixed the flaw. (XSS is short for "cross site scripting" and refers to Web-application flaws that enable hackers to inject scripts into Web sites.)
News outlets reported that due to the worm, Sarah Brown, wife of former British prime minister Gordon Brown, was circulating a link on her Twitter page that sent users to a hardcore Japanese porn site.
Twitter user Magnus Holm, who says he’s a Norwegian Ruby on Rails programmer, appears to have started the slaw.
In an email to the Times, Hold said he just “wanted to experiment with the flaw.”
But the hack isn’t so harmless, and it’s led to other acts of online vandalism.
Others appear to be taking the JavaScript exploit and using it for much worse actions.
The Times reported that Holm said one malicious worm “downloaded some nasty code from a Russian server.”
There is no word on law enforcement action yet.
Leave a Reply