A JavaScript exploit has allowed all kinds of sites you wouldn’t want your boss to catch you looking at to pop up sites and text through Twitter.com and force a re-tweet, even if all a user does is move their mouse over a particular link. Update: It’s been fixed.
The exploit has spread to thousands of accounts now – some with hardcore porn pop-ups, others with jokey references to the exploit – so stick with a third-party Twitter client for the time being to read and send your short updates. [Link and image via Sophos]
Update: Some have reported that simply visiting Twitter.com, with certain tweets from your followers loaded, could be enough to trigger an incident (that link is Twitter.com too, but only to a specific no-link tweet). Avoid Twitter.com entirely until the exploit is repaired.
Update 2: Twitter posts that the exploit has been patched, but it’s likely still a good idea to let the fix propagate through DNS servers before heading back to Twitter’s web client.