The longer story: The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted website into another one. In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user.
Twitter is big enough now that its errors make the mainstream media. Take a look:
We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.
Early this morning, a user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this as an "onMouseOver" flaw -- the exploit occurred when someone moused over a link.
Other users took this one step further and added code that caused people to retweet the original Tweet without their knowledge.
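To illustrate the class of bug the statement describes, here is an added example (not Twitter's code and not from the original post) of a link renderer that pastes untrusted text into a quoted attribute, next to an escaped version and a coarse regression check. The function names and the sample tweet are constructed, and the post does not give the actual markup involved.

```javascript
// Added illustration: all names and the sample input are constructed assumptions.

// Escape the characters that matter in HTML text and in quoted attribute values.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

const URL_RE = /https?:\/\/\S+/g;

// Weak form: the matched URL goes into href="..." unescaped, so a double
// quote inside it ends the attribute and the rest is parsed as new attributes.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened form: escape the text around links, and escape the URL both as
// the attribute value and as the visible link text.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}" rel="nofollow">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Coarse regression check for rendered markup: names of on* attributes that
// appear after a quote or whitespace inside any opening tag. It is
// deliberately conservative and can flag on* text inside a quoted value.
function eventHandlerAttrs(html) {
  const found = [];
  for (const tag of html.match(/<[a-zA-Z][^>]*>/g) || []) {
    for (const m of tag.matchAll(/["'\s](on[a-z]+)\s*=/gi)) {
      found.push(m[1].toLowerCase());
    }
  }
  return found;
}

// Constructed sample tweet text with a harmless pop-up handler.
const sample = 'look http://example.test/"onmouseover="alert(1)"/ now';
console.log(eventHandlerAttrs(linkifyUnsafe(sample))); // handler attribute present
console.log(eventHandlerAttrs(linkifySafe(sample)));   // none
```

A check like `eventHandlerAttrs` belongs in the renderer's test suite, which is the kind of guard that catches a fix being undone by a later site update.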
Source: http://www.bloggersblog.com/blog/921101