Twitter hack sends users to hardcore porn sites
By ANI
Wednesday, September 22, 2010
WASHINGTON - Hackers have managed to exploit a security flaw on the popular micro-blogging site Twitter, by activating pop-ups and even directing some users to hardcore porn sites.
The hack used onMouseOver JavaScript code that ran automatically when a user visited the Twitter.com site, tweeting itself out to other users and redirecting users to malicious sites.
According to security analysis firm Sophos, simply running your mouse over certain tweets could activate pop-ups, send you messages, or even redirect you to another site.
“It’s tens of thousands if not hundreds of thousands of messages that have been posted,” Fox News quoted Sophos senior technology consultant Graham Cluley as saying.
“It’s pretty widespread and has left some major egg on the face of Twitter.
“It shouldn’t be possible to plant JavaScript code like this into your tweets,” he said.
Cluley also added that there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code.
He said many current security risks are two-part procedures: first they take over a browser and redirect the PC to a compromised website, then they load up additional code to continue the exploit.
Twitter representatives have said that the security flaw has been fixed.
“The XSS attack should now be fully patched and no longer exploitable. Thanks, those reporting it,” the company wrote in its Safety news feed. (ANI)