Did you hear of the security issue on Twitter.com?
On Wednesday, a cross-site scripting exploit was discovered after a recent update of Twitter.com. The vulnerability allowed browser-executable code to be injected into posted messages. The code executed when you moved your mouse over a link.
The exploit was used to redirect you to other sites. Miscreants certainly exploited the vulnerability to deface and infect some Twitter pages, but it’s unknown whether criminal hackers used the bug to install malicious software on a person's computer to collect personal and financial information.
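As an added illustration of this class of flaw and its fix (not Twitter's code and not part of the original post), the example below turns URLs in a message into links, first without output encoding and then with it. It assumes the problem arises from a quote character inside an auto-linked URL; the function names and the sample message are constructed for the example.

```javascript
// Added illustration; not Twitter's code. All function names are hypothetical.

// Escape the characters that can end an attribute value or start a tag.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

const URL_RE = /https?:\/\/\S+/g;

// Weak: the matched URL text is pasted into the href attribute as-is,
// so a quote in the URL closes the attribute early.
function linkifyUnsafe(message) {
  return message.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: every piece of user text is escaped, both the plain text
// between links and the URL in attribute and text position.
function linkifySafe(message) {
  let out = "";
  let last = 0;
  for (const m of message.matchAll(URL_RE)) {
    out += escapeHtml(message.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += `<a href="${url}">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(message.slice(last));
}

// Simplified check: list the attribute names on the first <a> tag,
// roughly as a browser would split them.
function anchorAttributeNames(html) {
  const m = html.match(/<a\s([^>]*)>/);
  const tag = m ? m[1] : "";
  return [...tag.matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map((a) => a[1].toLowerCase());
}

// Constructed sample message: a URL whose text contains double quotes.
const sample = 'look http://example.test/a"onmouseover="handler()"/ here';

console.log(anchorAttributeNames(linkifyUnsafe(sample))); // extra event attribute appears
console.log(anchorAttributeNames(linkifySafe(sample)));   // only href remains
```

With encoding in place the quote arrives in the page as `&quot;`, so the whole URL stays inside the `href` value and no mouse-over handler is created.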
As social media sites increase in popularity, there will be increasing efforts to uncover flaws to exploit personal information or deliver malicious code.
The security issue was quickly corrected by Twitter.com.
Here is Twitter’s explanation:
http://blog.twitter.com/2010/09/all-about-onmouseover-incident.html
Here is the blog post on the flaw by Graham Cluley of Sophos. Note that on the blog you can download a free Sophos virus scan.
http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/
Jeff Gibson is a Vulnerability and Forensics analyst at Westfield Insurance. Sharing Knowledge. Building Trust.