Posted: Mon Sep 27, 2010 2:15 pm
Days after a site update unleashed a Twitter cross-scripting attack, the micro-blogging site was again hit with a bug that spread via questionable links.
"A malicious link is making the rounds that will post a tweet to your account when clicked on," Twitter wrote on its status blog Sunday afternoon.
The offending messages appeared on a user's Twitter feed with "WTF:" followed by a link. If you clicked on that link, you were taken to a blank page, but behind the scenes, the worm would post vulgar messages on your account that discussed, well, sex involving goats.
"Clicking on the WTF link would take you to a webpage which contained some trivial code which used a CSRF (cross-site request forgery) technique to automatically post from the visitor's Twitter account," according to a blog post from Sophos's Graham Cluley. "All the user sees if they visit the link is a blank page, but behind the scenes it has sent messages to Twitter to post from your account."
The message did not spread if you were not signed into your Twitter account at the time. Cluley suggested the attack spread so quickly because people were eager to find out what might warrant a "WTF" label.
Twitter said Sunday evening that it had fixed the exploit and was in the process of removing the offending tweets, but Cluley said that attack "highlighted an obvious security problem in Twitter which must be addressed as a matter of urgency - otherwise we can expect further (perhaps more dangerous) attacks."

_________________
Admit Nothing, Deny EVERYTHING, DEMAND Pr00f!

