Twitter Explains Away “onMouseOver” Attack

After receiving numerous reports from the twitterverse and blogosphere, Twitter has finally posted an explanation regarding the “onMouseOver” exploit.

The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed.

The longer story: The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted website into another one. In this case, users submitted javascript code as plain text into a Tweet that could be executed in the browser of another user. (Official Twitter Blog)

The company acknowledges that the exploit seemed to be geared more towards pranking users or promotion (of what, the Twitter team fails to elaborate), although it also stated that the exploit thus far didn’t seem to cause mayhem on anyone’s computer.

According to Twitter, the “onMouseOver” exploit only affected users tweeting from Twitter.com; users of official or third-party apps (e.g. Twitter for iPad, Echofon, etc.) were not affected.
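To make the class of bug concrete, here is an added example (not Twitter's code, and not from the original post) of a tweet renderer that pastes user text into an HTML attribute, next to a version that escapes it first. The page does not describe Twitter's rendering code, so the linkifier, the function names and the sample tweet are all assumptions made for illustration.

```javascript
// Added example: hypothetical tweet renderer, not Twitter's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);

// Matches http(s) URLs up to the next whitespace (deliberately permissive).
const URL_RE = /https?:\/\/\S+/g;

// "Before": the matched URL is pasted into href unescaped, so a double quote
// in the user's text closes the attribute and the rest becomes live markup.
function renderTweetUnsafe(text) {
  return text.replace(URL_RE, (url) => '<a href="' + url + '">' + url + '</a>');
}

// "After": every piece of user text is escaped for the HTML context it lands
// in, both the plain text between links and the URL inside the attribute.
function renderTweetSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += '<a href="' + url + '" rel="nofollow">' + url + '</a>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Review helper: counts event-handler attributes (on...=) that sit inside a
// tag, i.e. that a browser would treat as code rather than as text.
function liveHandlers(html) {
  return (html.match(/<[^>]*[\s"']on\w+\s*=/gi) || []).length;
}

// Constructed sample tweet (harmless handler body), for the comparison only.
const SAMPLE = 'look http://example.test/"onmouseover="alert(1)" ok';

console.log(liveHandlers(renderTweetUnsafe(SAMPLE)), renderTweetUnsafe(SAMPLE));
console.log(liveHandlers(renderTweetSafe(SAMPLE)), renderTweetSafe(SAMPLE));
```

In the escaped output the quote arrives as `&quot;`, so the browser keeps the whole string inside `href` and never sees a second attribute.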

While this hack did cause an uproar in the twitterverse (as few knew how dangerous the exploit was), it probably justifies Twitter’s stance on using its own short URL in order to verify links being shared online.

Either way, users should always be careful when clicking links on Twitter, and only click on links from people (or organizations) that they trust.

Darnell Clayton

Darnell Clayton is a geek who discovered blogging long before he heard of the word "blog" (he called them "web journals" then). When he is not tweeting, friendfeeding, or blogging about space, he enjoys running, reading and describing himself in third person.
