
Twitter Exploit Soils The Internet

A security flaw is currently being exploited on Twitter, AKA The Confetti Of The Internet. Reportedly it's just blocking access to users' Twitter home pages and auto-retweeting the exploit code whenever you move your mouse over parts of the page. However, there have also been reports (not surprisingly) of the exploit being used to forward Twitter users to hard-core porn sites and/or infectious malware sites.

Currently there are thousands and thousands of "infected" Twitter accounts, most notably the account of Sarah Brown, wife of the former British Prime Minister.

Sophos security researchers are warning that it may also lead to endless cascades of spam pop-ups, which compared to malware infections seems like the least of your worries. Sophos recommends that you stay off of Twitter for the immediate future to help prevent/slow the spread of this exploit (and also to protect your computer). We, on the other hand, recommend that you stay off of Twitter indefinitely to help prevent/slow the spread of this exploit (and also to make the world a better place).

"It's pretty widespread and has left some major egg on the face of Twitter," Sophos's senior technology consultant Graham Cluley told FoxNews.com. He explained that there was no reason for code like this to run at all, much less act in such a malicious fashion — a security flaw the company ought to have flagged itself. "It shouldn't be possible to plant JavaScript code like this into your tweets," he said.

Hopefully Twitter will shut this loophole down as soon as possible, preventing malicious users from posting or reusing the onMouseOver JavaScript code, and protecting users whose browsing may be at risk.

This is a "versatile" exploit that works on every OS: Mac and Linux users are affected just like Windows users.
