WebmasterWorld - Twitter Forum
Looks like Twitter was hacked
rocker - msg:4204730 - 12:56 pm on Sep 21, 2010 (gmt 0)

[news.cnet.com...]

 

tedster - msg:4204735 - 1:08 pm on Sep 21, 2010 (gmt 0)

Yes, I was just nailed by the mouseover hack/worm that's making its way around Twitter right now. It started auto-posting itself under my account so it could spread.

I just closed the browser window and switched to tweetdeck - then deleted all those stupid worm posts. Probably not a good idea to access Twitter directly for a while!

Gizmodo has some coverage, now

The exploit takes advantage of the Javascript function onMouseOver, enticing users with colorful blocks of text—"rainbow tweets"—and then retweeting those messages automatically when the block is moused over. In some cases the links launch pop up windows, in others users are being directed to spam and #*$! sites.

Third party apps are safe from the bug, but because the exploit spreads by users merely hovering over links, visiting the Twitter website right now almost guarantees that you'll inadvertently retweet one of the messages.

[gizmodo.com...]
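The Gizmodo excerpt above describes the mechanism in one line: tweet text ends up inside an HTML attribute, so a quote in the "link" closes the attribute and an onMouseOver handler becomes part of the tag. The following is an added illustration, not code from the thread or from Twitter, of a naive tweet renderer beside an output-encoded one, with a small inspection helper to show what attributes a browser would see in each case. The renderer, helper and sample tweet are constructed for this example.

```javascript
// Added example (not code from the thread or from Twitter): how tweet text dropped
// into an href attribute without encoding lets a hover run script, and the encoding
// fix. The renderer, helper and sample tweet are constructed for this illustration.

// A URL token is any run of non-whitespace starting with http:// or https://.
const URL_TOKEN = /https?:\/\/\S+/g;

// Naive renderer: builds the <a> tag by string concatenation. A double quote in the
// URL ends the href value, and whatever follows is parsed as further attributes.
function renderTweetUnsafe(text) {
  return text.replace(URL_TOKEN, (url) => `<a href="${url}">${url}</a>`);
}

// Encode the characters that change meaning inside HTML text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened renderer: same structure, but every untrusted fragment is encoded for
// the context it lands in, so a quote in the URL stays inside the attribute value.
function renderTweetSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_TOKEN)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += `<a href="${url}">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Inspection helper: the attribute names a browser would see on the first <a> tag.
// Anything other than "href" means the tweet text broke out of the attribute value.
function anchorAttributeNames(html) {
  const tag = html.match(/<a\s([^>]*)>/);
  if (!tag) return [];
  return Array.from(tag[1].matchAll(/([\w-]+)="[^"]*"/g), (m) => m[1]);
}

// Constructed sample: a "URL" carrying an onmouseover handler, written without spaces
// so the naive linkifier swallows it whole (the pattern the Gizmodo quote describes).
const SAMPLE_TWEET = 'rainbow http://example.com/@"onmouseover="alert(1)"style="font-size:999px"/ colors';

console.log('unsafe renderer, attributes seen:', anchorAttributeNames(renderTweetUnsafe(SAMPLE_TWEET)));
console.log('safe renderer, attributes seen:  ', anchorAttributeNames(renderTweetSafe(SAMPLE_TWEET)));
```

The naive renderer yields three attributes (`href`, `onmouseover`, `style`) from one tweet; the encoded renderer yields only `href`, with the quotes preserved as `&quot;` inside the value. The fix is contextual output encoding at render time, not filtering the word "onmouseover" out of tweets.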

bwnbwn - msg:4204740 - 1:38 pm on Sep 21, 2010 (gmt 0)

I think, but am not sure, my wife got this bug last week. I am not sure what she had, but from a detailed discussion with her I really could never nail down the place she got it.
She was on Yahoo Mail and we were IM talking when it hit her. You know, the security warning popped up, so she didn't click anything but cut the computer off as I had instructed her. She still got the bug, and a bad one at that. The only sites that were open at the time of the attack were Yahoo email, FB, and Yahoo IM.
I was able to do an install of Malwarebytes to get the trojans pulled. She had 5 trojans installed on the computer.
Took me 2 1/2 hours to get the computer cleaned up; it disabled AVG and Internet Explorer. I had to uninstall AVG and do a clean install to get everything back to working. Whatever it was was a really tough one to get off.

tedster - msg:4204743 - 1:45 pm on Sep 21, 2010 (gmt 0)

As far as I know, this particular worm is only active on twitter.com - and although it could redirect you to a malware site, I've seen no reports of that.

TechCrunch has just produced a five point program to deal with the mouseover worm:

1. Don’t use the Twitter web site, especially the older version.

2. Use a desktop application like Tweetdeck, Seesmic or similar. Although the affected tweets do appear in your stream, they will not produce the same mouseover effect.

3. Use the Twitter mobile site, which appears to be unaffected.

4. Delete the affected tweets by avoiding the main web site and logging in to the mobile site instead. Then delete the forced Retweet. Delete any tweets so that the worm does not spread to your friends and followers.

5. Change your password just in case.

[eu.techcrunch.com...]

netmeg - msg:4204747 - 1:48 pm on Sep 21, 2010 (gmt 0)

Only a matter of time.

tedster - msg:4204748 - 1:52 pm on Sep 21, 2010 (gmt 0)

News from Twitter about their problem:

We've identified and are patching an XSS attack; as always, please message @safety if you have info regarding such an exploit.

We expect the patch to be fully rolled out shortly and will update again.

[status.twitter.com...]

BillyS - msg:4204752 - 1:59 pm on Sep 21, 2010 (gmt 0)

This is one of the big benefits of WebmasterWorld - getting news like this so quickly. I'm staying away from Twitter until the all clear.

tedster - msg:4204761 - 2:07 pm on Sep 21, 2010 (gmt 0)

According to Mashable, Twitter has now sounded the "all clear":

Update (10:00 a.m. ET): A spokesperson for Twitter tells us "This should now be fully patched and is no longer exploitable."

[mashable.com...]


Maybe, but they've definitely made me gun-shy about using Twitter.com through a browser. Third party apps have their own issues, too. Ah well, whatchgonnado?

driller41 - msg:4204792 - 2:45 pm on Sep 21, 2010 (gmt 0)

Would Firefox with the NoScript plugin protect the user - or would Twitter simply not work with the plugin enabled?

rocker - msg:4204797 - 2:54 pm on Sep 21, 2010 (gmt 0)

Has anybody tried twitter.com via the web yet?

tedster - msg:4204816 - 3:26 pm on Sep 21, 2010 (gmt 0)

I have. It looks like there are no mouseover tweets around, and they're easy to spot because they are bare javascript instead of a message. It's just that hover activates them instead of a click - that's the real nuisance factor.
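tedster's point that the worm tweets are "easy to spot" because they are bare script rather than a message can be turned into a simple check. The scanner below is an added example, not code from the thread or from any Twitter client: it walks a constructed sample timeline and flags tweets whose link token contains a quote followed by an on-something= handler name, which is the signature of text escaping an attribute value. It generalises from onmouseover to any on* handler; the sample tweets, field names and heuristics are all constructed for this illustration.

```javascript
// Added example (not from the thread): a scanner that flags tweets of the kind
// tedster describes, where the "link" is really event-handler code. Sample timeline
// and detection rules are constructed for this illustration.

// A link token is any run of non-whitespace starting with http:// or https://.
const LINK_TOKEN = /https?:\/\/\S+/g;

// A quote character is the only way to end an attribute value, so a quote followed
// by an on<event>= attribute name inside a link token is the signature we look for.
// Plain mentions of "onmouseover" in prose are not matched.
const HANDLER_BREAKOUT = /["']\s*on[a-z]+\s*=/i;

// Constructed sample timeline: one ordinary tweet, one worm-style tweet, one tweet
// that merely talks about handlers, and one with a handler hidden in a second URL.
const SAMPLE_TIMELINE = [
  { id: 101, user: 'alice', text: 'Lunch was great today http://example.com/menu' },
  { id: 102, user: 'bob', text: 'http://example.com/@"onmouseover="alert(1)"style="font-size:999px"/' },
  { id: 103, user: 'carol', text: 'Reading about onmouseover handlers in JavaScript, neat stuff' },
  { id: 104, user: 'dave', text: "see http://example.org/x'onclick='alert(1)'/ and http://example.org/ok" },
];

// Return one hit per link token in the tweet that carries a handler breakout.
function classifyTweet(tweet) {
  const hits = [];
  for (const m of tweet.text.matchAll(LINK_TOKEN)) {
    const h = m[0].match(HANDLER_BREAKOUT);
    if (h) {
      hits.push({ url: m[0], handler: h[0].match(/on[a-z]+/i)[0].toLowerCase() });
    }
  }
  return hits;
}

// Reduce a timeline to the tweets worth quarantining, with the reason attached.
function flagSuspiciousTweets(timeline) {
  return timeline
    .map((t) => ({ id: t.id, user: t.user, hits: classifyTweet(t) }))
    .filter((r) => r.hits.length > 0);
}

for (const f of flagSuspiciousTweets(SAMPLE_TIMELINE)) {
  console.log(`tweet ${f.id} by ${f.user}: ${f.hits.map((h) => h.handler).join(', ')}`);
}
```

A heuristic like this is a triage aid for a feed you already have in hand (for instance via a desktop client, as the thread suggests); it does not replace the server-side encoding fix, and it will miss handlers injected through characters other than a plain quote.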

rocker - msg:4204817 - 3:28 pm on Sep 21, 2010 (gmt 0)

Thanks, tedster

engine - msg:4204846 - 4:12 pm on Sep 21, 2010 (gmt 0)

Twitter confirmed the XSS Attack is fully patched.

frontpage - msg:4204854 - 4:20 pm on Sep 21, 2010 (gmt 0)

Would Firefox with the NoScript plugin protect the user


NoScript has XSS protection.

engine - msg:4204865 - 4:41 pm on Sep 21, 2010 (gmt 0)

For those that want to know more...
The Twitter hack: how it started and how it worked [guardian.co.uk]
A Japanese developer was the first to notice the weakness in Twitter's site and says he reported it as far back as mid-August. He put up a demonstration - and then the exploits flourished. The original discovery of the weakness, known as a "cross-site scripting" (XSS) hack, seems to have been made by a Japanese developer called Masato Kinugawa. He says that he reported an XSS vulnerability to Twitter on August 14 - and then discovered that the "new" Twitter, launched on Tuesday 14 September, had the same problem.

StoutFiles - msg:4204905 - 5:58 pm on Sep 21, 2010 (gmt 0)

The real solution is to stop using Twitter forever.

keyplyr - msg:4204971 - 8:16 pm on Sep 21, 2010 (gmt 0)

So much for the superiority of OAuth

Sgt_Kickaxe - msg:4205064 - 12:03 am on Sep 22, 2010 (gmt 0)

You can still visit the twitter site to read messages, just don't log in. You can't re-tweet when logged out.

Stefan - msg:4205070 - 12:28 am on Sep 22, 2010 (gmt 0)

My sympathies, Tedster, but you should really consider being more careful about allowing scripts to run on your browser, unless there's a true need for a particular site, and you trust it completely. It's like leaving your doors and windows wide open in the centre of town. Hard to complain about being robbed afterwards.

r4bet - msg:4205142 - 7:06 am on Sep 22, 2010 (gmt 0)

Islamic Republic of Iran hacked it like in the past ...

httpwebwitch - msg:4205309 - 3:08 pm on Sep 22, 2010 (gmt 0)

Then within a few minutes he saw that it had started spreading virally. "holy #*$!. I think this is exponential: "3381 more results since you started searching," he said - adding, a few minutes later "This is scary."


Very reminiscent of the famous "Samy" worm that hit MySpace a few years back. This is what happens when someone with XSS skillz and a low threshold for risk assessment ponders, "I wonder what will happen if I throw this wrench into that big fast-moving machine that doesn't belong to me?"

I wonder if there will be any legal repercussions for the kiddies who did it.

anallawalla - msg:4205618 - 5:28 am on Sep 23, 2010 (gmt 0)

"Melbourne teenager becomes the terror of Twitter" [theage.com.au...]

httpwebwitch - msg:4206308 - 11:53 am on Sep 24, 2010 (gmt 0)

He said it was Twitter's responsibility, not his, to keep the site secure.


A juvenile understanding of ethics & law. Now that I have read a little about the people who exploited the vulnerability, I hope there are charges laid and convictions made.
