Wednesday, September 22, 2010

Twitter: The latest victim of hackers and pranksters

The popular social networking website Twitter was hit by hackers on September 21, 2010. Using JavaScript code embedded in Tweets, the hackers redirected users to various porn and malware sites.

This loophole, known as “onMouseOver”, abuses the way Twitter handles JavaScript in user input. The hackers inserted JavaScript code into a URL in a Tweet. When a user places the cursor on that Tweet, a pop-up message appears and does not go away. In many cases, the user is redirected to a porn site or malware site.

The loophole exists even in the latest Twitter web interface, which was launched last week.

Bob Lord from Twitter’s security team said, "The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS) ... Cross-site scripting is the practice of placing code from an untrusted Web site into another one. In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user."
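The failure described above, JavaScript typed as plain text into a Tweet and then executed in another user's browser, is what happens when user text reaches HTML markup without output encoding. The following is an added example, not Twitter's code: a hypothetical auto-linker (`renderTweetUnsafe`), its hardened form (`renderTweetSafe`) and a check (`handlerAttrs`); all names and the sample Tweet are constructed for illustration.

```javascript
// Added example: a hypothetical tweet renderer, not Twitter's code.
const URL_RE = /https?:\/\/\S+/g; // only http(s) links are auto-linked

// Constructed sample: the "URL" carries a double quote followed by an
// event-handler attribute; alert(1) is a harmless stand-in for the script.
const SAMPLE_TWEET = 'look at this http://example.test/#"onmouseover="alert(1)';

// Encode the characters that can end an attribute value or start a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// VULNERABLE: the matched text is pasted into href="..." as-is, so a quote
// inside it closes the attribute and the rest becomes a new attribute.
function renderTweetUnsafe(text) {
  return text.replace(URL_RE, url => `<a href="${url}">${url}</a>`);
}

// HARDENED: every piece of user text is encoded before it reaches the markup.
function renderTweetSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const url = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index));
    out += `<a href="${url}" rel="nofollow">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Check for tests or output review: names of on* attributes found on <a> tags.
function handlerAttrs(html) {
  const found = [];
  for (const tag of html.matchAll(/<a\b((?:"[^"]*"|[^">])*)>/g)) {
    for (const attr of tag[1].matchAll(/([^\s"=\/]+)\s*=\s*"[^"]*"/g)) {
      const name = attr[1].toLowerCase();
      if (name.startsWith('on')) found.push(name);
    }
  }
  return found;
}

console.log(handlerAttrs(renderTweetUnsafe(SAMPLE_TWEET))); // injected handler is listed
console.log(handlerAttrs(renderTweetSafe(SAMPLE_TWEET)));   // no handler attributes
```

The same `handlerAttrs` check can run in a unit test over rendered output, so a regression in the encoding step is caught before release.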

Twitter was notified about the problem at 2:45am Pacific time and solved it by 12:15pm. Users who accessed Twitter via third-party apps were not affected by this problem.

The loophole was first discovered by a Japanese hacker, Masato Kinugawa. He first Tweeted about the problem on August 14, 2010. Kinugawa found that the new Twitter web interface had the same loophole. He then created a test account called “Rainbw Twtr” and used JavaScript code to create blocks of color, after which other hackers started to notice the problem.
