Twitter Closes Hole After Attack Hits Up To 500K Users

chicksdaddy writes "Twitter closed an ugly cross site scripting hole in its Web page Tuesday morning, but not until a fast moving attack, including at least two Twitter worms, compromised hundreds of thousands of user accounts. At its height, the attacks were hitting 100 Twitter users each second, putting estimates of the total number of victims at around 500,000 according to researchers at Kaspersky Lab."

Seriously

How complicated is it to write somewhat secure software that processes 140 character messages?

Re:Seriously

[MobileTatsu-NJG]

How complicated is it to write somewhat secure software that processes 140 character messages?

Yeah, they should shorten it to 70 characters and make it twice as secure.

Re:Seriously

[mark72005]

If they were using old Adobe employees, Twitter would start requiring you to update your system every 2 or 3 hours.

Re:Seriously

[lennier]

"and add features nobody wants" going by the demand for url shortening services, TwitPic, TwitVid, etc, etc. It's obvious there is demand for new features.

And presumably the top of those features would be "allow messages larger than 140 characters so that we can just post the actual URL".

With a few billion dollars and about 40 years worth of solid development, Twitter might eventually turn into some sort of simple transfer protocol for multipurpose Internet mail...

Interesting, yet pointless

[pablo_max]

Really,I know a lot of people seem to be using twitter, but I just don't get it. Am I too old? Hell, I don't actually know anyone using it. At least I don't think I do.
Why are people so interested to read an internet based text message? Is it really better than reading a well thought out and reasoned article about something?

More and more I see on all these tech news sites and blogs that they heard from so and so's tweet that such and such will be released with this and this. Then, all the other news sites link to the first blog who is using twitter as a source of information.
Since when is a text message a reliable source of information?

Re:Interesting, yet pointless

[stepdown]

I treat it more as an RSS feed. A lot of people use it to link to full articles, and as a means of just sharing links to information it's great.

Re:Interesting, yet pointless

That's not the point. Microblogging isn't blogging. Look, here's some people I follow on twitter

1) Wikleaks - they announce new leaks and news articles about em
2) Bands, e.g. Oceansize tweeted "People of York, be warned we are likely to be opening the doors late. There are fucktonne of problems with this venue.". 65dos also just released a free track!
3) Comedy stuff, e.g. the chilean_miner account: "Another troubled night. Ramon was mining in his sleep again" or Jesus_M_Christ: "Mesus Christ, I got hacked? I knew it was a mistake to mouseover a link on Judas' Twitter page."
4) Friends, who talk about their daily lives (these things interest me)
5) Work collegues, to see what conferences they're at and what they're working on
6) Stuff to do with the societies I'm in at uni, like student robotics organising get-togethers and pub trips.

Try it. Follow your favourite authors, musicians, websites and so forth. It's like a huge aggregated RSS feed with stuff that isn't normally syndicated included.

Re:Interesting, yet pointless

[Abstrackt]

Yet, you read and post Slashdot comments.

It's no fun complaining about something if no one sees or hears you doing it.

I have a theory that this is also why Facebook and Twitter have gained so much popularity. Half the updates I see on either are complaints about work, chores, some person who won't be named but must be publicly called out on some unspecified charge and/or the weather.

Re:Interesting, yet pointless

No, I don't use Twitter. Yes, I see the point of using Twitter. No, I don't go around telling people how great life is without Twitter.

I'm sure that there are thousands of fantastic services out there, both on the internet and IRL, for which I have no use, and loads of great services for which I can't even envisage a practical use.

Another thing; your own viewpoints aren't the only ones and likely to be incorrect or incomplete when thoroughly scrutinized. Deal with it.

Re:Interesting, yet pointless

[ColdWetDog]

Hi Gramps! Shuffleboard on the main patio in 15 minutes. See you there.

Face the facts. Email is for us old people. Twitter is for, well, twits. But that's OK, the nurses are kinda cute and I like not having to get up early in the morning.

Re:Interesting, yet pointless

[kaiser423]

Instead of having our captain for the team manage an ungodly email list for game times, updates, notifications, etc, he just has a twitter feed.

That way, it's hey you're new to the team, subscribe to @MySoccerTeamName and get all the info on when/where our games are, planning for team BBQ's, etc.

Because someone always changes an email, or someone gets all spam-infected and spews to the whole list or whatever and you have bounces, etc.

A twitter feed is just dead simple. It's also nice for quick updates; I couldn't make the game, but the captain tweeted a 5-2 win immediately after, so I got to see it.

It's incredibly nice; no need to visit a webpage or check your email or whatever, it's in a little app that everyone has on their phone or computer or whatever.

Re:Interesting, yet pointless

[metamatic]

Actually, no, as a means of just sharing links to information it sucks, because you generally can't fit URLs and useful description into 140 characters--so you either have to skip describing the thing you're linking to, or you have to obfuscate the URL through a redirection service.

Facebook, delicious.com, Tumblr etc are much better ways of sharing links to information.

Re:Interesting, yet pointless

[lennier]

Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.

Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.

Tim Berners-Lee cries!

Obligatory

Twitter closes hole after attack hits up to 500 000 of its users, known as twits.

Title should have been: The early bird...

[Starteck81]

...gets the worm and then tweets about it. ;-)

But something was gained!

[spun]

Anything that gets Twitter to shut its damn hole is a good thing IMHO.

Why all the hate?

[inanet]

I really don't get the twitter hate.

I don't like facebook, but I can see its value, particularly if you manage it right and use it to share news and photos with friends and family etc. there are other valuable uses, but I use the example.

I still dont use it.

I don't use bebo, or myspace, or facepalm or crotchpunch.

Doesn't mean I have to hate on them.

I use twitter in much the same way other people have mentioned. I don't follow twitter shitters. (people who tweet constantly about inane shite) But I do follow people who provide interesting information, along with people I know and a range of news sites from aljazeera to bbc, to the NZ news site stuff, to Scientific american, and a range of others!

I follow a range of people, and I Find twitter useful because i can fire up my smartphone, pull up my twitter client and get a "snapshot of the world" and that's really what it is, any big news event happens, anywhere in the world I would probably put money on the fact I'll hear about it before anyone who isn't on twitter and isn't directly affected.
XKCD did a great comic about how people could hear about an earthquake via twitter before the actual shockwaves hit them.
but in short, if you don't want to use twitter, then don't, but all that your raging anti-twitter stance says is "I tried twitter but nobody followed me back"
so obviously you had nothing to add, therefore thank you for not using the service, you've increased its value already!

Re:Why all the hate?

[apoc.famine]

I had this discussion over some beers with some like-minded friends recently. What we settled on was, "When does it stop?"

BBS, finger, chat, IRC, email, IMs of 90 flavors, pagers, forums, MySpace, texting, LiveJournal, Blogs, Facebook, Twitter, LinkedIN, etc...

I think the Twitter hate is because you are hanging around the demographic that's largely filled its quota for "new shit that I have to keep track of". Add in our games, RSS feeds, slashdot, comics, etc., and we've filled our time on the internet. We either have to start purging old methods of communication and old pastimes, or we can't start new ones.

Right now, there's a large number of us who have thriving communities in enough places that we're not interested in another. It's not just Twitter - that's just the one that we're being pushed the hardest to adopt. And for a lot of us, Twitter doesn't hold a draw. I'm sure you've found some reasons to adopt it. But I don't have time for it. I'm full up.

Yet here you are, blathering on about how you use Twitter for so many things, how useful it is, blah blah blah.

Does it make any more sense now why the Twitter hate? We don't care already. Shut up about it. Some of us aren't about to give up something else for Twitter, and we'd need to in order to pay attention to it.

Our information bandwidth has been exceeded.

The sooner you and everyone else stops rambling on about The Next Big Thing On The Internet, the sooner we'll stop hating it.

(For the record, I came here to find technical details about the XSS, for although I don't care about Twitter, the details are important in the grand context of the internet. I just figured since you hadn't figured it out yet, I'd stop and point out why a lot of us hate Twitter. And your post which had nothing to do with the details of this attack is a prime example. We get it. You want to make passionate love to Twitter and have its babies. Yet you come to an article about a hack job, and instead of posting anything interesting about the technical aspects, you post a totally unrelated bit of flamebait about "Twitter Hate". That's why we hate Twitter. People doing what you just did. So if it bothers you that we hate your exciting new lover, stop posting shit about your love for Twitter when it's entirely inappropriate.)