The so-called 'mouseover' or cross-site scripting (XSS) bug on Twitter spread very fast because all a user had to do was hover the mouse cursor over an infected text and that user was automatically redirected to a porn site. No clicking required.
Among the many thousands who were affected was the former prime minister’s wife Sarah Brown.
After she posted a tweet with a suspect link in it she then updated her page to warn others of the attack. She wrote: ‘Don’t touch the earlier tweet – this Twoter feed has something very odd going on.’
Another victim was White House Press Secretary Robert Gibbs. After he was hacked he posted: "My Twitter went haywire - absolutely no clue why it sent that message or even what it is...paging the tech guys...'
The Twitter flaw made it possible to include the programming code JavaScript in tweets, which was then 'retweeted' to other users.
In some cases the mouseover' or cross-site scripting (XSS) bug was used to launch simple pop-up windows, redirect users to porn sites and was also used to cover up users’ tweets with blocks of colour.
Twitter now says that the security breach has been fixed.
Experts recommended that users use third-party apps rather than visiting the Twitter site itself while the attack was still ongoing.
0 comments:
Post a Comment