Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Submission Summary: 0 pending, 1 declined, 0 accepted (1 total, 0.00% accepted)

DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Cross-Site Scripting Attack hits Twitter (sophos.com)

RJHelms writes: As those of you who use Twitter may have notices, the social media site appears to have been hit with cross-site scripting attacks this morning. From Sophos:

"The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link. Messages are also spreading virally exploiting the vulnerability without the consent of users."

As of 9:20AM EST, I have also seen attacks doing the same thing using an overlay, making simply viewing your account reproduce the offending messages. PC Magazine's Larry Seltzer's blog claims the attacks were stopped around 9AM but began again around 9:15. Perhaps the original fix only blocked onmouseover.

Slashdot Top Deals

Nothing is faster than the speed of light ... To prove this to yourself, try opening the refrigerator door before the light comes on.

Working...