Twitter Fixes Mouse-Over Flaw



Bryan Young
Staff Writer
2010-09-23



The Twitter mouse-over vulnerability, which caused grief for thousands upon thousands of Twitter users, has been patched and resolved. The bug, which was first reported at 2:54 am PDT on Tuesday, was declared gone by 6:50 am PDT.


The worm was short-lived, but people are constantly tweeting. A 2009 study on pingdom.com showed the average number of tweets sent reaches above 1.1 million each hour. That's nearly 4.5 million tweets during the four-hour span in which the worm was active. The way it worked was that a person could tweet a maliciously crafted link which included the "onmouseover" JavaScript code. When the link was touched by a user's mouse (not clicked, just the mouse running over the top of the link), that user's account tweeted the same link while opening a third-party website in the user's browser. There were several high-profile Twitter accounts affected, including White House Press Secretary Robert Gibbs and Sarah Brown, the wife of former British Prime Minister Gordon Brown.

This is not the first time that Twitter has combated this type of exploit on its site. Last month, the site faced similar attacks, which were fixed on August 24th. During an update of the site this fix was somehow reversed, which allowed the attacks to continue. Twitter tweeted a status message when the bug was reported, and updated it when they finished re-patching the hole. They then blogged on the site, describing in greater detail the onmouseover flaw and how it had resurfaced from the problem they experienced last month, and reassuring their users that account security had not been breached.
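
The onmouseover injection and the reverted fix described above, as an added example that is not from the article or from Twitter. It assumes the link text reached an href attribute without output encoding (the article does not describe Twitter's code), and shows that rendering beside an encoded one, plus a check a build could run so a later update cannot silently drop the fix. All function names and the sample tweet are constructed.

```javascript
'use strict';
// Added example; function names and the sample tweet are constructed.

const URL_RE = /\bhttps?:\/\/\S+/g;

// Encode every character that can close a quoted attribute or open a tag.
function escapeHtml(s) {
  return s.replace(/[&<>"'`]/g, c => '&#' + c.charCodeAt(0) + ';');
}

// Before: the URL goes into href unencoded, so a double quote inside it
// closes the attribute and the remainder is parsed as further attributes.
function linkifyUnsafe(tweet) {
  return tweet.replace(URL_RE, u => '<a href="' + u + '">' + u + '</a>');
}

// After: both the URL and the surrounding text are encoded before output.
function linkifySafe(tweet) {
  let out = '', last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    const u = escapeHtml(m[0]);
    out += escapeHtml(tweet.slice(last, m.index));
    out += '<a href="' + u + '" rel="nofollow">' + u + '</a>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Regression check: list attributes on rendered <a> tags outside an allowlist.
function unexpectedAttributes(html, allowed = ['href', 'rel']) {
  const found = [];
  for (const tag of html.matchAll(/<a\b([^>]*)>/gi)) {
    for (const attr of tag[1].matchAll(/([^\s"'=<>\/]+)\s*=\s*"[^"]*"/g)) {
      const name = attr[1].toLowerCase();
      if (!allowed.includes(name)) found.push(name);
    }
  }
  return found;
}

// Constructed sample: a link carrying an inert event-handler attribute.
const SAMPLE = 'look http://example.test/#"onmouseover="void(0) now';

console.log('unencoded:', unexpectedAttributes(linkifyUnsafe(SAMPLE)));
console.log('encoded:  ', unexpectedAttributes(linkifySafe(SAMPLE)));
```

Keeping the `unexpectedAttributes` check in the test suite of the rendering code is what catches a fix that gets reversed during a later site update.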

Luckily, this exploit only affected people who were using the actual Twitter site. Those who use third-party or mobile applications to tweet and read tweets were completely unaffected.



About the Author:
Bryan is a staff writer for SecurityProNews
