Twitter Hacked Over Cross-Site Scripting (XSS) “OnMouseOver” Security Flaw; Now Fixed

Written By Sam on 22 September 2010

Today, Twitter.com, the most popular social networking site, was hit by a security flaw that became known as the “OnMouseOver” incident and affected many of its users. The incident automatically redirected users to third-party sites and launched pop-ups without any link being clicked. Experts say the incident was the result of a Twitter “mouseover bug”: an injected OnMouseOver JavaScript event handler that silently launched pop-ups and third-party sites as soon as the mouse hovered over an infected link.

The exploit is a small piece of JavaScript that masks itself as a traditional hyperlink. Luring users with colorful blocks of text, the so-called “rainbow tweets”, it evades Twitter’s automatic filters and, as soon as the mouse moves over it, retweets the message automatically, launches pop-up windows, or redirects users to spam and porn sites. Rumors indicate that the OnMouseOver exploit is capable of spreading to as many as 40,000 tweets in just 10 minutes; affected tweets can be recognized in TweetDeck, which displays whether a tweet contains code/script. Although reports say the new version of Twitter unveiled last week is not affected, users were advised to stay off the site and use third-party applications until the issue was completely resolved. Twitter now claims the issue is fixed and says it is working to identify any possible vulnerabilities beforehand. Still, be careful whilst tweeting and hovering your mouse over links on the site!

Relieving news for all mobile users with Twitter accounts: Twitter’s mobile website was not affected, and they can use it as usual!
