Anyone within sight of these pixels should probably stay away from the main Twitter page for the next little while: the oh-so-thinkable has happened, and Twitter has been hacked (again). And while Twitter and technical snafus are old friends (there’s a reason we have the phrase “fail whale”), this one is pretty easy to fall prey to: all you need to do is roll your cursor over hacked links on the Twitter home page.
According to CNET:
Sophos notes that right now primary exploiters of the loophole are using it for “fun and games,” but that it could potentially be used by spammers or purveyors of malicious code. It appears to work in both the redesigned Twitter Web interface that was launched last week as well as its predecessor.
“Mouseover” hacks are not particularly complicated, and have been implemented in vulnerable e-mail clients for years….
Sophos notes that the exploit is spreading rapidly and that it’s now being used to redirect to some hardcore porn sites.
This is all especially vexing in Toronto, where Twitter has played a central role in covering everything from otherwise-dull mayoral debates and editorial board meetings to reporters getting rounded up by the cops on long, rainy Sunday nights. After having loved Twitter for so long, can people remember how to express themselves using more than 140 characters? Will Toronto’s poor souls remember what channel the news is on or, for that matter, how to use a TV remote? (Hint: it’s like a BlackBerry, but with fewer buttons.)
As of 10 a.m., this whole thing may or may not have been patched. Until that’s confirmed, if these Crackberry-addicted tweet fiends can’t help themselves, security Web sites are recommending third-party Twitter clients, which seem to be immune.
• Sophos highlights Twitter URL vulnerability [CNET]
• Twitter flaw pumps out spam links [BBC News]
• Twitter users including Sarah Brown hit by malicious hacker attack [Guardian UK]
• Twitter ‘onmouseover’ security flaw hits site [Techradar]