Twitter Hit By Security Flaw: Avoid Twitter.com [Update]

The long and short of it this morning is: don’t go to Twitter.com. The site is currently experiencing what may be several security issues, the most visible being an exploit pointed out by security firm Sophos that executes code when you mouse over a link in your Twitter feed. The flaw is a cross-site scripting (XSS) vulnerability: malicious JavaScript can be inserted into a tweet and then runs in the browser of anyone who views that tweet on Twitter.com.
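To make the mechanism concrete, here is an added example (not Twitter’s code, and not a reproduction of the actual payload circulating today) of the class of bug described above: a tweet renderer that builds the link HTML by string concatenation, so a double quote inside the URL text closes the href attribute early and the rest of the tweet is parsed as additional attributes, including an onmouseover handler. Beside it is a version that escapes the URL before placing it in the attribute. The URL-matching regex, the payload tweet and the function names are constructed for illustration.

```javascript
// Added example: a string-concatenating tweet linkifier (vulnerable) beside an
// attribute-escaping one (hardened). Names, regex and payload are constructed
// for illustration and are not taken from Twitter's code or from the page.

const URL_RE = /https?:\/\/[^\s<]+/g;

// VULNERABLE: the matched URL is interpolated straight into href="...".
// A double quote inside the URL text terminates the attribute, and whatever
// follows is read by the browser's HTML parser as further attributes.
function linkifyVulnerable(tweetText) {
  return tweetText.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Escape the five characters that matter in HTML text and in double-quoted
// attribute values. Single pass, so '&' is never double-escaped.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// HARDENED: escape before interpolating, so a quote in the tweet can never
// close the attribute and no new attribute (onmouseover or otherwise) can
// be smuggled in.
function linkifySafe(tweetText) {
  return tweetText.replace(URL_RE, (url) => {
    const esc = escapeHtml(url);
    return `<a href="${esc}">${esc}</a>`;
  });
}

// Minimal attribute-name extractor for the first <a ...> tag in a fragment.
// It approximates what a browser's parser would see and is used only to show
// the difference between the two renderers.
function anchorAttributeNames(html) {
  const m = html.match(/<a\s([^>]*)>/);
  if (!m) return [];
  const names = [];
  const attrRe = /([^\s=]+)(?:="[^"]*")?/g;
  let a;
  while ((a = attrRe.exec(m[1])) !== null) names.push(a[1].toLowerCase());
  return names;
}

// Constructed payload tweet: the URL text carries a quote, an event-handler
// attribute and a dummy attribute that swallows the renderer's trailing quote.
// It is inert here; nothing in this script executes the handler.
const PAYLOAD_TWEET =
  'check this http://example.invalid/x"onmouseover="alert(1)"x="';

// Stand-alone demonstration.
console.log('vulnerable:', linkifyVulnerable(PAYLOAD_TWEET));
console.log('attributes:', anchorAttributeNames(linkifyVulnerable(PAYLOAD_TWEET)));
console.log('hardened:  ', linkifySafe(PAYLOAD_TWEET));
console.log('attributes:', anchorAttributeNames(linkifySafe(PAYLOAD_TWEET)));
```

The vulnerable renderer yields an anchor with `href`, `onmouseover` and `x` attributes; the hardened one yields only `href`, with the quotes surviving as `&quot;` inside the attribute value. Output escaping is the fix for the rendering side; it does not by itself stop a tweet from being stored, which is why a site that renders user text also wants input length and character checks on the URL field it linkifies.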

According to several sources, the exploit has changed quickly over the course of the morning, and users no longer even need to mouse over a link to be affected.

Update: 10:40 AM – Twitter has posted a full explanation of today’s incident.

Update: 7AM – Twitter now says that the XSS attack has been “identified and patched”.

We’ve identified and are patching an XSS attack; as always, please message @safety if you have info regarding such an exploit.

We expect the patch to be fully rolled out shortly and will update again when it is.

Already, Favstar has seen more than 24,000 retweets of one particular implementation of the bug. A quick look at the trending topics this morning shows just how quickly the exploit has spread, with “Exploit”, “Security Flaw”, “Mouseover”, “Onmouseover” and “XSS” taking up five of the top 10 topics. Both Mashable and TechCrunch report having seen the exploit used to open pop-up windows, redirect users to porn sites and simply do “funny, rick-rolling type stuff”, but the nature of the exploit appears to be changing quickly as the morning goes on.

Georg Wicherski, a Kaspersky Lab expert writing on the exploit, warns that users should turn off JavaScript for Twitter. “It is possible to load secondary JavaScript from an external URL with no user interaction, which makes this definitely wormable and dangerous,” he writes.

Twitter user Judofyr noted earlier this morning that there appeared to be an “ugly XSS hole in Twitter right now” and now says that, as far as he knows, he “started the first worm” but can’t say for sure.

For now, if you really need to feed the Twitter addiction, third-party clients appear to be unaffected by the attack, so use one of those. The website itself (although the new Twitter.com doesn’t appear to be affected) is best avoided until further notice.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.
