Slashdot Mirror


Twitter Hit With Second Worm In a Week

adeelarshad82 writes "Days after a site update unleashed a Twitter cross-site scripting attack, the micro-blogging site was again hit with a bug that spread via questionable links. The offending messages appeared on a user's Twitter feed with 'WTF:' followed by a link. If you clicked on that link, you were taken to a blank page, but behind the scenes, the worm would post vulgar messages on your account that discussed, well, sex involving goats."

11 of 97 comments

  1. This is why... by thescreg · · Score: 5, Funny

    It took me awhile to realize what was going on. This is pretty much what I post about on Twitter anyway.

  2. Sex with goats? by The Good Reverend · · Score: 4, Funny

    Um, no, actually. That really was me.

  3. Re:where is that goatsex link when you need it? by ShaunC · · Score: 5, Informative

    WTF: Goatse

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  4. Re:I guess this script is baaaad for you. by Bill, Shooter of Bul · · Score: 4, Informative

    No. This is a cross-site request forgery attack. The script in this case was on the linked site, not in the tweet.

    For those not in the know:

    OWASP Cross-Site Request Forgery Prevention Cheat Sheet

    --
    Well.. maybe. Or Maybe not. But Definitely not sort of.
  5. Re:where is that goatsex link when you need it? by Anonymous Coward · · Score: 5, Funny

    Now I've seen everything!

    A link to goatse is at "+2 Insightful" as I type this.

    A historical day at slashdot to be sure

  6. The early bird... by Anne_Nonymous · · Score: 4, Funny

    ...gets the worm.

  7. Finally by rudy_wayne · · Score: 4, Funny

    the worm would post vulgar messages on your account that discussed, well, sex involving goats

    Finally!! Something worthwhile on Twitter.

  8. Re:I guess this script is baaaad for you. by nacturation · · Score: 4, Informative

    This post explains it quite well: http://www.andrewnacin.com/2010/09/26/csrf-twitter/

    Essentially, just create one or more iframes, with the iframe source set to http://twitter.com/share/update?status=WTF+PAYLOAD

    As long as you're logged into Twitter via the web, it will auto-post that update without any request for permission from you.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  9. Re:Great - more 4Chan? by amicusNYCL · · Score: 4, Insightful

    You have to use twitter and be the type of person who clicks on questionable links without regard.

    Which of these links is "questionable":

    http://tinyurl.com/2tx
    http://bit.ly/heezy
    http://xrl.us/bh2p3m

    That's what all of the links on Twitter look like, which are OK and which are questionable? How does one distinguish?

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  10. Re:Great - more 4Chan? by Dancindan84 · · Score: 5, Insightful

    All of them. I don't click on shortened URLs. Nor should anyone who isn't a Rick Astley or Goatse fan.

    --
    "Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
  11. Re:Great - more 4Chan? by icebraining · · Score: 4, Informative

    Or you could install this GM script which expands them to the real URL without actually loading it.