Security firm Sophos posted a blog earlier Tuesday identifying the problem, which Twitter identified and fixed.
According to CNET's Caroline McCarthy, here's how the hack worked:
"By putting a bit of JavaScript code ("onmouseover") into a URL in a tweet, a user can cause a pop-up message to emerge when someone hovers a cursor over that link," she wrote.
At first, Sophos noted that primary exploiters of the loophole were using it for "fun and games," but the exploit spread rapidly and began directing some users to pornography sites, reports McCarthy.
The exploit was eventually used to "auto-tweet" more mouseover links, affecting thousands of users.
The hack only appeared to affect visitors to Twitter.com. Various third-party programs used to send and read tweets appeared to be unaffected.
Source:
0 comments:
Post a Comment