Mouse-Over Exploit Hits Twitter.com

A JavaScript exploit has allowed all kinds of sites you wouldn't want your boss to catch you looking at to pop up sites and text through Twitter.com and force a re-tweet, even if all a user does is move their mouse over a particular link. Update: It's been fixed.

The exploit has spread to thousands of accounts now - some with hardcore porn pop-ups, others with jokey references to the exploit - so stick with a third-party Twitter client for the time being to read and send your short updates. [Link and image via Sophos]

Update: Some have reported that simply visiting Twitter.com, with certain tweets from your followers loaded, could be enough to trigger an incident (that link is Twitter.com too, but only to a specific no-link tweet). Avoid Twitter.com entirely until the exploit is repaired.

Update 2: Twitter posts that the exploit has been patched, but it's likely still a good idea to let the fix propagate through DNS servers before heading back to Twitter's web client.

