Slashdot Mirror


Twitter Suffers Web Interface Exploit

HaloZero writes "We're seeing lots of re-tweets on Twitter.com right now, all containing a fragment of JavaScript, which re-tweets itself when moused-over on the Twitter web interface. This could easily be mutated into a more sinister attack, so it is recommended that you use a third-party client application, or refrain from social media altogether until the problem is resolved."
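
An added example (not part of the original story or comments, and not Twitter's code): a naive linkifier that pastes matched URL text into a double-quoted `href`, beside a version that HTML-escapes it. The function names, the URL regex and the constructed sample string are assumptions for illustration; the sample keeps the shape of the tweet quoted in this thread, with the handler body replaced by an inert placeholder.

```javascript
// Added illustration: hypothetical linkifiers, not Twitter's actual code.
// Constructed sample shaped like the tweet quoted in this thread; the event
// handler body is replaced by an inert placeholder.
const SAMPLE = 'http://t.co/@"onmouseover="/*handler*/"style="background:red"/';
const URL_RE = /https?:\/\/\S+/g;

// Vulnerable: the matched text goes into a double-quoted attribute unescaped,
// so a '"' inside the "URL" closes href and the rest parses as new attributes.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, (u) => '<a href="' + u + '">' + u + '</a>');
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hardened: every piece of user text is HTML-escaped before it reaches markup,
// both the attribute value and the surrounding non-URL text.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const u = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index));
    out += '<a href="' + u + '">' + u + '</a>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Check usable in a regression test: list the attribute names a parser would
// see on the first <a> tag. Anything other than href means injection.
function anchorAttributes(html) {
  const tag = /<a\s([^>]*)>/.exec(html);
  if (!tag) return [];
  return [...tag[1].matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map((m) => m[1]);
}

console.log(anchorAttributes(linkifyUnsafe(SAMPLE)));
console.log(anchorAttributes(linkifySafe(SAMPLE)));
```

Escaping at output is the fix shown here; a Content-Security-Policy that forbids inline event handlers would be a second layer, not a replacement.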

12 of 165 comments

  1. First Post by Anonymous Coward · · Score: 5, Funny

    http://t.co/@"onmouseover="document.getElementById('status').value='RT test_nau';$('.status-update-form').submit();"style="background:red"/

    Before you mod me down, please consider the fact that I have a sense of humour plus I posted using "Plain Old Text" plus the script does not work on Slashdot.

    1. Re:First Post by blai · · Score: 5, Funny

      RT @Anonymous\ Coward http://t.co/@"onmouseover="document.getElementById('status').value='RT test_nau';$('.status-update-form').submit();"style="background:red"/ Before you mod me down, please consider the fact that I have a sense of humour plus I posted using "Plain Old Text" plus the script does not work on Slashdot.

      --
      In soviet Russia, God creates you!
  2. Re:Hmm by MrHanky · · Score: 4, Funny

    It's the best, perhaps only way to automatically retweet. That's a fairly unique service.

  3. Obligatory xkcd by labcoatless · · Score: 3, Funny
  4. Re:Easy solution by Dragoniz3r · · Score: 3, Funny

    I'm sorry, but 1994 called, and it wants its World Wide Web back. Interactive webpages are the future, they are actually really nice when they're done properly, and denying that is just holding you back. I expect that sooner or later secure programming mentalities will become deeply ingrained in Web programming, and things like this will stop happening. There will always be bugs, but that's no different from any other software.

    NoScript is a much better solution than out-and-out disabling javascript anyways.

  5. Re:Or mobile by bbtom · · Score: 4, Funny

    The conditional word "if" was included for your convenience.

    --
    catch (HumourFailureException e) { e.user.send("You, sir, are a humourless idiot."); }
  6. Re:Hosts file by Thanshin · · Score: 3, Funny

    nothing of any real import can be expressed in 140 characters...

    "The bag is in locker #437. You'll find your fee and the target's dossier inside."
    "The guy I was having fun with is dead in your kitchen and cops are coming. XOXOXO"
    "Cut the red wire."
    "Salutations earthlings. We come in peace."

    Never used Twitter but 140 seems to be a lot. Maybe you're a bit too wordy.

    "Dear Mr.Assassin. I've left the money, in $20 bills, inside big a black leather bag. The target data will be inside the bag that you'll find in locker #"

  7. From TFS by vegiVamp · · Score: 3, Funny

    "refrain from social media altogether until the problem is resolved"

    I've been doing exactly that, and intend to keep doing that until the problem of Twitter has been resolved.

    --
    What a depressingly stupid machine.
    1. Re:From TFS by vegiVamp · · Score: 2, Funny

      The hidden webcams I've mounted everywhere in their houses, of course.

      --
      What a depressingly stupid machine.
  8. Re:Or mobile by JustOK · · Score: 2, Funny

    So, if he doesn't want to use the web interface, then is the mobile version affected or not?

    --
    rewriting history since 2109
  9. Re:Or mobile by Bonewalker · · Score: 2, Funny

    If a social media hub is infected with a virus and no one is around to mouse-over it, would it still make Slashdot's front page?

  10. Re:Hmm by grub · · Score: 2, Funny

    Well, we're even. I had to google "shibboleth" :)

    Cheers!

    --
    Trolling is a art,