Twitter bug attacks the Internet interface
Update, 1:36 p.m.
The Twitter blog has new details about the Twitter virus that ran rampant through the site this morning, starting about 6 a.m. Eastern. The blog said a recent site update created the loophole but it did not have to do with the launch of the new Twitter interface.
It says, "Someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this as an 'onMouseOver' flaw -- the exploit occurred when someone moused over a link."
The blog states that no private data have been revealed and that it should not harm any computers. However, users might still see stray tweets in their feed. Read the whole statement here.
This morning a strange notice started popping up on Twitter feeds. There was a link and then HTML code. If users on Twitter.com moused over the link, a black box popped up, redirected them to a porn site and sent out the bug to their followers.
The virus took advantage of a security loophole introduced with a system update, but the problem seems to have been resolved. Twitter spokeswoman Carolyn Penner said in an e-mail, "The XSS attack should now be fully patched and is no longer exploitable."
Mashable was one of the first sites to put out a warning about the Twitter bug and news quickly spread through Twitter. The news did not spread quickly enough for thousands of users, however. Even the White House press secretary was not immune to the bug:
My Twitter went haywire - absolutely no clue why it sent that message or even what it is...paging the tech guys...
Third-party Twitter sites, such as HootSuite and TweetDeck, did not seem to be affected. Seeing as the flashy launch of the new site was meant to draw users back to the Twitter interface, this virus comes at a bad time for the company, as people probably will do the complete opposite.
The virus also highlights the problem of URL shorteners. Because of the 140-character limit for tweets, many people use shorteners to convert a long URL. The Post, for example, uses "http://wapo.st". There are complaints that the shortened links do not allow people to know what they are clicking on, or in this case, moving their mouse over, leaving people vulnerable to attack.
| September 21, 2010; 1:37 PM ET
Categories: The Daily Catch