
Looks like Twitter was hacked

12:56 pm on Sep 21, 2010 (gmt 0)
1:08 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Yes, I was just nailed by the mouseover hack/worm that's making its way around Twitter right now. It started auto-posting itself under my account so it could spread.

I just closed the browser window and switched to tweetdeck - then deleted all those stupid worm posts. Probably not a good idea to access Twitter directly for a while!

Gizmodo has some coverage, now

The exploit takes advantage of the Javascript function onMouseOver, enticing users with colorful blocks of text—"rainbow tweets"—and then retweeting those messages automatically when the block is moused over. In some cases the links launch pop up windows, in others users are being directed to spam and #*$! sites.

Third party apps are safe from the bug, but because the exploit spreads by users merely hovering over links, visiting the Twitter website right now almost guarantees that you'll inadvertently retweet one of the messages.

[gizmodo.com...]
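Added example (not from this thread and not Twitter's own code): the Gizmodo quote above describes a tweet whose text breaks out of a link attribute and lands an onMouseOver handler on the page. The snippet below shows a tweet linkifier in that vulnerable shape next to a hardened one that HTML-encodes every untrusted fragment, plus a small audit function a defender can run over rendered output. Tweet strings and the a.example / t.example hosts are constructed for illustration.

```javascript
// Encode the five characters that can end an attribute value or an element.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

const URL_RE = /https?:\/\/\S+/g;

// Vulnerable shape: the matched URL is spliced raw into href="...".
// A double quote inside the URL closes the attribute, so whatever
// follows it is parsed as further attributes of the <a> tag.
function linkifyUnsafe(tweet) {
  return tweet.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened: text nodes and the URL are encoded separately, so a quote in
// the tweet stays a literal &quot; inside the attribute and cannot end it.
function linkifySafe(tweet) {
  let out = "";
  let last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    out += escapeHtml(tweet.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Audit helper: list inline event-handler attributes (onmouseover, onclick,
// ...) that appear inside tags of rendered HTML. Expected result for
// server-rendered tweet text is an empty list.
function findInlineHandlers(html) {
  const found = [];
  for (const m of html.matchAll(/<[^>]*?["'\s]on([a-z]+)\s*=/gi)) {
    found.push(m[1].toLowerCase());
  }
  return found;
}

// Constructed tweet in the worm's shape: a quote followed by a handler name.
const SAMPLE = 'see http://a.example/"onmouseover="void(0) now';
console.log(findInlineHandlers(linkifyUnsafe(SAMPLE))); // ["mouseover"]
console.log(findInlineHandlers(linkifySafe(SAMPLE)));   // []
```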
1:38 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 5+ Year Member



I think, but am not sure, my wife got this bug last week. I am not sure what she had, but from a detailed discussion with her I really could never nail down the place she got it.
She was on Yahoo Mail and we were IM talking when it hit her. You know the security warning popup, so she didn't click anything but cut the computer off as I had instructed her. She still got the bug, and a bad one at that. The only sites that were open at the time of the attack were Yahoo email, FB, and Yahoo IM.
I was able to do an install of Malwarebytes to get the trojans pulled. She had 5 trojans installed on the computer.
Took me 2 1/2 hours to get the computer cleaned up; AVG and Internet Explorer were disabled. I had to uninstall AVG and do a clean install to get everything back to working. Whatever it was was a really tough one to get off.
1:45 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



As far as I know, this particular worm is only active on twitter.com - and although it could redirect you to a malware site, I've seen no reports of that.

TechCrunch has just produced a five point program to deal with the mouseover worm:

1. Don’t use the Twitter web site, especially the older version.

2. Use a desktop application like Tweetdeck, Seesmic or similar. Although the affected tweets do appear in your stream, they will not produce the same mouseover effect.

3. Use the Twitter mobile site, which appears to be unaffected.

4. Delete the affected tweets by avoiding the main web site and logging in to the mobile site instead. Then delete the forced Retweet. Delete any tweets so that the worm does not spread to your friends and followers.

5. Change your password just in case.

[eu.techcrunch.com...]
1:48 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Only a matter of time.
1:52 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



News from Twitter about their problem:

We've identified and are patching an XSS attack; as always, please message @safety if you have info regarding such an exploit.

We expect the patch to be fully rolled out shortly and will update again.

[status.twitter.com...]
1:59 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member billys is a WebmasterWorld Top Contributor of All Time 10+ Year Member



This is one of the big benefits of WebmasterWorld - getting news like this so quickly. I'm staying away from Twitter until the all clear.
2:07 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



According to Mashable, Twitter has now sounded the "all clear"

Update (10:00 a.m. ET): A spokesperson for Twitter tells us "This should now be fully patched and is no longer exploitable."

[mashable.com...]

Maybe, but they've definitely made me gun-shy about using Twitter.com through a browser. Third party apps have their own issues, too. Ah well, whatchgonnado?
2:45 pm on Sep 21, 2010 (gmt 0)

5+ Year Member



Would Firefox with the NoScript plugin protect the user - or would Twitter simply not work with the plugin enabled.
2:54 pm on Sep 21, 2010 (gmt 0)

5+ Year Member



Has anybody tried twitter.com via the web yet?
3:26 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I have. It looks like there are no mouseover tweets around, and they're easy to spot because they are bare javascript instead of a message. It's just that hover activates them instead of a click - that's the real nuisance factor.
3:28 pm on Sep 21, 2010 (gmt 0)

5+ Year Member



Thanks, tedster
4:12 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Twitter confirmed the XSS Attack is fully patched.
4:20 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Would Firefox with the NoScript plugin protect the user

NoScript has XSS protection.
4:41 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



For those that want to know more...
The Twitter hack: how it started and how it worked [guardian.co.uk]
A Japanese developer was the first to notice the weakness in Twitter's site and says he reported it as far back as mid-August. He put up a demonstration - and then the exploits flourished. The original discovery of the weakness, known as a "cross-site scripting" (XSS) hack, seems to have been made by a Japanese developer called Masato Kinugawa. He says that he reported an XSS vulnerability to Twitter on August 14 - and then discovered that the "new" Twitter, launched on Tuesday 14 September, had the same problem.
5:58 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



The real solution is to stop using Twitter forever.
8:16 pm on Sep 21, 2010 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



So much for the superiority of OAuth
12:03 am on Sep 22, 2010 (gmt 0)

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member



You can still visit the twitter site to read messages, just don't log in. You can't re-tweet when logged out.
12:28 am on Sep 22, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



My sympathies, Tedster, but you should really consider being more careful about allowing scripts to run on your browser, unless there's a true need for a particular site, and you trust it completely. It's like leaving your doors and windows wide open in the centre of town. Hard to complain about being robbed afterwards.
7:06 am on Sep 22, 2010 (gmt 0)

5+ Year Member



The Islamic Republic of Iran hacked it, like in the past ...
3:08 pm on Sep 22, 2010 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Then within a few minutes he saw that it had started spreading virally. "holy #*$!. I think this is exponential: "3381 more results since you started searching," he said - adding, a few minutes later "This is scary."

Very reminiscent of the famous "Samy" worm that hit MySpace a few years back. This is what happens when someone with XSS skillz and a low threshold for risk assessment ponders, "I wonder what will happen if I throw this wrench into that big fast-moving machine that doesn't belong to me?"

I wonder if there will be any legal repercussions for the kiddies who did it.
5:28 am on Sep 23, 2010 (gmt 0)

WebmasterWorld Administrator anallawalla is a WebmasterWorld Top Contributor of All Time 10+ Year Member



"Melbourne teenager becomes the terror of Twitter" [theage.com.au...]
11:53 am on Sep 24, 2010 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



He said it was Twitter's responsibility, not his, to keep the site secure.

A juvenile understanding of ethics & law. Now that I have read a little about the people who exploited the vulnerability, I hope there are charges laid and convictions made.