So, I started seeing odd tweets in my timeline. It seems that posting a link like this:
fails input validation, resulting in the script being executed when you mouse over the tweet. Note that you can inject pretty much any attribute this way, including
style, letting your tweet use fixed positioning over the entire site, so it’s hard to escape the mouseover.
Nice one, Twitter… now the only site to get exploited in under 140 characters.