Oh Yes, Minister!

Date: Tuesday, September 21, 2010


Twitter Security Flaw Redirects Visitors of Gordon Brown's Wife to Hard-Core Japanese Porn Site



IT security and data protection firm Sophos is warning computer users to be cautious in the wake of a widespread security flaw affecting the popular micro-blogging site Twitter. The flaw is being widely exploited by users who have stumbled across it: it allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link.



Thousands of Twitter accounts have posted messages exploiting the flaw, with victims including Sarah Brown, wife of the former British Prime Minister, whose Twitter page appears to have been messed with in an attempt to redirect visitors to a hardcore porn site hosted in Japan.



Graham Cluley, senior technology consultant, Sophos, said: "It seems many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed. Some users are also exploiting the loophole to create tweets that contain blocks of colour (known as rainbow tweets). Because these messages can hide their true content, it might prove hard for some users to resist clicking on them."


Cluley concluded: "Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code."



Threatscape MD, Dermot Williams added: "While the incidences we've seen so far haven't done anything too malicious, the situation could have been far worse. Thankfully it seems Twitter has moved fast enough to fix this hole before anyone had an opportunity to craft more dangerous code and have it propagate widely. Attackers could have just as easily used this flaw to direct millions of Twitter users to websites designed to load far more dangerous viruses and worms onto their computers."


"Today's attack was an example of a cross-site scripting attack. Previous such attacks targeting other websites have attempted to steal user login credentials - bad for social networking sites, terrible for email accounts and worse still for online banking."
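The article does not show the flawed code. As an added illustration (not Twitter's code and not from the article), the sketch below shows the general class of bug described above, an event-handler attribute injected through user text that is turned into a link, next to a rendering that escapes output for its HTML context. All function names and the sample message are constructed for this example.

```javascript
// Added illustration: names and sample input are constructed, not Twitter's code.

// Escape text for HTML element content or a double-quoted attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Only http(s) URLs are linkified, so the scheme is allowlisted by construction.
const URL_RE = /https?:\/\/\S+/g;

// Vulnerable rendering: the matched text is pasted into href="..." unescaped,
// so a double quote inside it closes the attribute and what follows is parsed
// by the browser as further attributes of the <a> tag.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, url => `<a href="${url}">${url}</a>`);
}

// Hardened rendering: every piece of user text is escaped for where it lands.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));   // plain text before the URL
    const url = escapeHtml(m[0]);                    // quotes become &quot;
    out += `<a href="${url}" rel="nofollow noopener">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Crude regression check (a heuristic for tests, not a sanitizer): does any
// opening tag in the rendered HTML carry an on* event-handler attribute?
function hasEventHandlerAttr(html) {
  return /<[a-z][^>]*[\s"']on[a-z]+\s*=/i.test(html);
}

// Constructed sample message: a "URL" with an embedded quote and handler.
const sample = 'look http://example.test/a"onmouseover="alert(1)"x="';

console.log(hasEventHandlerAttr(linkifyUnsafe(sample))); // handler attribute present
console.log(hasEventHandlerAttr(linkifySafe(sample)));   // handler text stays inside href
```

Escaping at output time leaves the message readable as text while keeping the quote characters from ending the attribute.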


