Updated 14:30, 15:05
TWITTER HAS MOVED to implement a short-notice security patch after the service was swamped by a rampant JavaScript exploit that automatically posted itself to a user’s timeline simply by hovering the mouse over it.
Users were forced to avoid using the service’s website and instead to use third-party applications, after a series of malicious security exploits spread like wildfire over the microblogging platform.
Shortly after noon, users began seeing large chunks of blacked-out text in timelines, which – when hovered over by users mistaking the message for blacked-out formatting – automatically filled the ‘New Tweet’ space on the page and tried to post the message.
The code in question was a JavaScript exploit which masqueraded as a traditional hyperlink, so as to evade Twitter’s automatic filters, but triggered a sequence that automatically posted the same message to a user’s own timeline, thus continuing its spread.
The proliferation of such malicious messages across the site was so rapid that the Twitter security staff were forced to issue a short-notice update to the site, so as to stop such tweets from constantly republishing themselves.
Perhaps ironically, one version of the bogus “link” purported to direct to a fictional site called a.no – or, if read aloud, “Ah No”. Naturally, no such site exists.
http://a.no/@"onmouseover=";$('textarea:first').val(this.innerHTML);