BloggersBlog.com


Twitter OnMouseOver Error Causes Popups

A Twitter "onMouseOver" error propagated on Twitter early this morning. The error allowed "tweets" containing blocked-out text to appear on Twitter. These tweets also opened popup windows in people's browsers. Twitter explains the error, which involved JavaScript code submitted as tweets, here.
The longer story: The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted website into another one. In this case, users submitted javascript code as plain text into a Tweet that could be executed in the browser of another user.

We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.

Early this morning, a user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this as an "onMouseOver" flaw -- the exploit occurred when someone moused over a link.

Other users took this one step further and added code that caused people to retweet the original Tweet without their knowledge.
Twitter is big enough now that its errors make the mainstream media. Take a look:



Posted on September 21, 2010
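The class of bug described in the quoted explanation, tweet text ending up inside a link's markup without encoding, is shown below next to a hardened renderer and an output check. This is an added example, not Twitter's code; the function names, the sample tweet and the `example.test` URL are constructed for illustration.

```javascript
// Added illustration: function names and the sample tweet are constructed.

// Unsafe: copies whatever follows "http://" into the href with no encoding,
// so a double quote in the tweet ends the attribute value early.
function renderUnsafe(tweet) {
  return tweet.replace(/https?:\/\/\S+/g, (u) => `<a href="${u}">${u}</a>`);
}

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: a URL stops at quotes and angle brackets, and every piece of
// tweet text is HTML-encoded before it is placed in the page.
function renderSafe(tweet) {
  return tweet
    .split(/(https?:\/\/[^\s"'<>]+)/) // odd indexes hold the captured URLs
    .map((part, i) => {
      const enc = escapeHtml(part);
      return i % 2 === 1 ? `<a href="${enc}">${enc}</a>` : enc;
    })
    .join("");
}

// Output check: does any tag in the rendered HTML carry an on* attribute?
function hasEventHandler(html) {
  return /<[^>]*["'\s]on[a-z]+\s*=/i.test(html);
}

// Constructed sample: link text that tries to add a hover handler (inert here).
const sampleTweet = 'look http://example.test/"onmouseover="void(0)"';
console.log("unsafe output has handler:", hasEventHandler(renderUnsafe(sampleTweet)));
console.log("safe output:", renderSafe(sampleTweet));
```

The same output check can run in a regression test for the renderer, which is the kind of guard that catches a previously patched encoding bug when a later site update reintroduces it.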




























Copyright © 2005-2014 by Writers Write, Inc. All Rights Reserved.