
Oh Yes, Minister!


Category: Business
Date: Tuesday, September 21, 2010

Twitter Security Flaw Redirects Visitors of Gordon Brown's Wife to Hard-Core Japanese Porn Site

IT security and data protection firm Sophos is warning computer users to be cautious in the wake of a widespread security flaw affecting popular micro-blogging site Twitter. The Twitter website is being widely exploited by users who have stumbled across the flaw, which allows messages to pop up and third-party websites to open in your browser just by moving your mouse over a link.

Thousands of Twitter accounts have posted messages exploiting the flaw, with victims including Sarah Brown, wife of the former British Prime Minister, whose Twitter page appears to have been messed with in an attempt to redirect visitors to a hardcore porn site hosted in Japan.

 

 

Graham Cluley, senior technology consultant, Sophos, said: "It seems many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed. Some users are also exploiting the loophole to create tweets that contain blocks of colour (known as rainbow tweets). Because these messages can hide their true content, it might prove hard for some users to resist clicking on them."

 

Cluley concluded: "Hopefully Twitter will shut down this loophole as soon as possible - disallowing users to post the onMouseOver JavaScript code."

 

 

Threatscape MD, Dermot Williams added: "While the incidences we've seen so far haven't done anything too malicious, the situation could have been far worse. Thankfully it seems Twitter has moved fast enough to fix this hole before anyone had an opportunity to craft more dangerous code and have it propagate widely. Attackers could have just as easily used this flaw to direct millions of Twitter users to websites designed to load far more dangerous viruses and worms onto their computers."

 

"Today's attack was an example of a cross-site scripting attack. Previous such attacks targeting other websites have attempted to steal user login credentials - bad for social networking sites, terrible for email accounts and worse still for online banking."


 

 
