Twitter Patches Porn Site Worm Flaw

Well, at least they took care of this one relatively quickly …

Twitter has today updated its website to patch a flaw that was allowing spammers to cause multiple pop-ups with links to porn websites.

The code has been spread by worms and thousands of people around the world have been caught out. The self-replicating worm exploited a cross-site scripting (XSS) vulnerability and used just a small amount of JavaScript to automatically direct Twitter website users to another website.

The exploit appeared to users as a coloured block that they only had to mouse over to activate.

It affected only people using the Twitter.com website directly, not third-party software such as TweetDeck or applications on smartphones.

The worm was initially created by Magnus Holm, who “simply wanted to exploit the hole without doing any ‘real’ harm”, according to BBC News. “It started off as ‘ha, no way this is going to work’.” After he used it, however, the flaw was identified by others and then used for more unwanted purposes.

Mr Holm said he’d seen the worm passed around in at least 200,000 tweets.

In April 2009 Twitter suffered another attack that spread links to a rival website. Twitter security chief Bob Lord said today: “This issue is now resolved. We apologise to those who may have encountered it.”


© Mike Halsey for gHacks Technology News, 2010.