Twitter Suffers Web Interface Exploit

HaloZero writes "We're seeing lots of re-tweets on Twitter.com right now, all containing a fragment of JavaScript, which re-tweets itself when moused-over on the Twitter web interface. This could easily be muted into a more sinister attack, so it is recommended that you use a third party client application, or refrain from social media altogether until the problem is resolved."

Re:Again?

[Kristopeit,MichaelDa]

because the raw input should be stored in case additional sanitation processing is required in the future. re-sanitizing might not be feasible as new special characters were introduced to replace old.

this is about sanitizing OUTPUT... there is probably someone in the company like you that handles output sanitation by completely ignoring it and doing all sanitation on the input side... then they are switched to a different team or a new feature is thrown in the mix that doesn't comply with the standards used in different teams... boom. billion dollar company looks like chumps. children playing on daddy's computer. certainly not to be trusted.

Re:Additional details from Netcraft, Sophos

[davek]

There's more info on the spread of this exploit from Paul Mutton at Netcraft

Well, then it must be true if Netcraft confirms it.