Hackers Exploit Twitter Security Flaw

| News

Twitter users that rely on the social network’s Web site were in for a surprise Tuesday morning when hackers began taking advantage of a JavaScript security flaw allowing them to redirect users to other Web sites without their permission.

The flaw lets hackers perform actions such as displaying pop-up windows or redirecting them to Web sites simply by passing their mouse cursor over text in a tweet. In some cases, blocks of color are being used in tweets to hide their malicious nature, too, according to Mashable.

So far, hackers seem to be favoring phishing and porno sites with their malicious links, although some reports have been surfacing claiming the links could be used to compromise user accounts, too.

Avoiding the problem is as simple as using a Twitter client application instead of the Twitter Web site until the flaw has been fixed.

Twitter has not yet commented on the issue.

Comments

Lee Dronick

Am I understanding this correctly? Someone posts a tweet that contains javascript?

jfbiii

So wait…you roll your cursor over text and get a pop-up? That sounds familiar.

Lee Dronick

Ars Technica has a pretty good explanation on how it was done.

Log-in to comment