San Francisco – Twitter says it has patched a security hole
in its website that allowed code to be inserted into URL links within tweets,
causing pop-up windows to be launched when a user moused over the link. "The
exploit is fully patched," the company wrote in a blog post dated 6:50
A.M. Pacific time.
Security firm Sophos documented the exploit in a blog post,
noting that victims included the wife of former British Prime Minister Gordon
Brown, whose Twitter page attempted to redirect "to a hardcore porn site
based in Japan."
Sophos added that it appeared the exploit had mainly been
used "for fun and games, but there is obviously the potential for
cybercriminals to redirect users to third-party websites containing malicious
code, or for spam advertising pop-ups to be displayed."
"Users may still see strange retweets in their timelines caused by the exploit.
However, we are not aware of any issues related to it that would cause harm to
computers or their accounts. And, there is no need to change passwords because
user account information was not compromised through this exploit," Twitter
said in a blog post.
Related Links:
http://tinyurl.com/2emju43 (Twitter blog)
http://tinyurl.com/3ab4t23 (Sophos blog)
http://tinyurl.com/25l2zkq (Twitter blog)
http://news.cnet.com/8301-13577_3-20017075-36.html