I’ve just logged out of my browser version of Twitter as everything has gone a bit squiffy. I had just read a tweet from somebody announcing a major security alert that was affecting thousands of users, including many high-profile twitterers.
Mashable says:
The bug is particularly nasty because it works on mouseover only, meaning pop-ups and third-party websites can open even if you just move your mouse over the offending link.
The flaw uses a JavaScript function called onMouseOver which creates an event when the mouse is passed over a chunk of text. We’ve seen the flaw being abused to launch simple pop-up windows, redirect users elsewhere (including porn sites), and we’ve also seen it used in combination with blocks of color, covering the true “intention” of the tweet.
It seems that third-party apps such as TweetDeck are not affected.
I have tried to log back into my account but it just doesn’t look right. This is what I see when I use Chrome:
If you look closely at the top of the image you will see some code that could relate to the hack, but I can’t be sure.
I can log in using Firefox. This is my last tweet:
I’m not at all sure what’s going on here. Something isn’t right. More info on what you would expect the hack to look like here.
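To check whether a piece of page code really carries a mouseover handler of the kind Mashable describes, the scanner below lists inline event-handler attributes in a fragment of HTML. It is an added example, not code from this post, Mashable or Twitter; the function name and the sample markup are constructed for illustration.

```javascript
// Added example: triage helper that reports inline event-handler attributes
// (onmouseover, onclick, ...) found in start tags. It is a heuristic scanner
// for inspecting saved markup, not a sanitizer.

// One start tag: tag name, then attribute text (quoted values may contain '>').
const TAG_RE = /<([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
// One attribute: name, optionally followed by = "value" | 'value' | bare value.
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

// Hypothetical helper: returns [{ tag, attr, value }] for every on* attribute.
function findInlineHandlers(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    const [, tagName, attrText] = tag;
    for (const attr of attrText.matchAll(ATTR_RE)) {
      const name = attr[1].toLowerCase(); // attribute names are case-insensitive
      const value = attr[2] ?? attr[3] ?? attr[4] ?? "";
      if (/^on[a-z]+$/.test(name)) {
        findings.push({ tag: tagName.toLowerCase(), attr: name, value });
      }
    }
  }
  return findings;
}

// Constructed sample markup (not captured from Twitter).
const SAMPLE = [
  // The word appears only as visible text, so it must not be reported.
  "<p>People are talking about the onmouseover bug today.</p>",
  // Mixed-case handler attribute on a link.
  "<a href=\"http://example.test/\" onMouseOver=\"alert('constructed')\">link</a>",
  // A '>' inside a quoted value must not end the tag early.
  "<span title=\"a > b\" style=\"background:#000\" onclick='noop()'>block</span>",
].join("\n");

for (const f of findInlineHandlers(SAMPLE)) {
  console.log(`<${f.tag}> ${f.attr} = ${f.value}`);
}
```

A plain text search for "onmouseover" would also hit the first sample line, where the word is only visible text; parsing attributes is what separates a mention of the bug from markup that would actually fire on hover.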




