
Twitter onMouseOver flaw poses huge risk to users, is being actively exploited

Filed under: Security
Sophos Labs' Graham Cluley posted this morning about a nasty little Twitter security flaw that is being actively exploited. Twitter's web interface apparently doesn't strip the onMouseOver JavaScript event handler from specially crafted links in tweets, so the attacker's code (you guessed it!) runs as soon as your mouse pointer passes over the link.

What happens next is up to the creator. It could be something harmless like the alert box shown above, or it could just as easily redirect you to a rogue antivirus pop-up or some nasty porn site. Again, you don't need to click; you simply have to mouse over a link. As Cluley points out, all Twitter really needs to do is stop the onMouseOver text from getting through. The more durable fix is to escape or strip every user-supplied HTML attribute rather than filter one handler name, since any other on* handler would do the same job.

TweetDeck reminds users that this exploit doesn't affect third-party clients. Unless you're reading tweets on twitter.com itself, this particular flaw doesn't reach you.

At this point, probably 70% of the users I question about how they got an infection are telling me that they were fine until they clicked something from a friend on Facebook or Twitter. I'm starting to think those two sites are going to play cat-and-mouse with Adobe Reader and the Flash Player plug-in for the “who can cause the most malware infections” crown.

Update: Twitter responded in a hurry, and the flaw has already been patched.

Source: Download Squad
