Risk
9/21/2010
10:39 AM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Twitter Under Attack

There's a cross-site site scripting flaw aggressively spreading across the social networking site Twitter. I know, I was hacked first thing this morning. . .

There's a cross-site site scripting flaw aggressively spreading across the social networking site Twitter. I know, I was hacked first thing this morning. . .Right after waking my system from sleep, the webpage on screen was the Twitter.com homepage. I no more than moved my mouse across the screen and my account was hacked and I had Tweeted code from one of the Twitter "onmouseover" worms running rampant.

Not a fun way to greet the day.

Anti-virus firm Sophos has detail on what had happened:

The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link. In a worrying development, messages are also spreading virally exploiting the vulnerability without the consent of users.

Thousands of Twitter accounts have posted messages exploiting the flaw. Victims include Sarah Brown, wife of the former British Prime Minister.

Nice.

Now, I can't say much about Twitter not acting quickly on this flaw, before I got this blog posted, Twitter support claims to have found and patched the flaw.

Hopefully so. But for the next few days I'll be using third-party Twitter interfaces just to be safe, such as Tweetie and TweetDeck.

It's still safe to follow @georgevhulme on Twitter, for daily security, technology, and business observations.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice one
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0845
Published: 2015-04-17
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

CVE-2015-0967
Published: 2015-04-17
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

CVE-2015-0968
Published: 2015-04-17
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.

CVE-2015-0969
Published: 2015-04-17
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

CVE-2015-0970
Published: 2015-04-17
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.