wenck - Slashdot User

Twitter Gets Slammed By the StalkDaily XSS Worm 145

Posted by Soulskill on Sunday April 12, 2009 @11:13AM from the tweety-bird-gets-the-worm dept.

CurtMonash writes "Twitter was hit Saturday by a worm that caused victims' accounts to tweet favorably about the StalkDaily website. Infection occurred when one went to the profile page of a compromised account, and was largely spread by the kind of follower spam more commonly used by multi-level marketers. Apparently the worm was an XSS attack, exploiting a vulnerability created in a recent Twitter update that introduced support for OAuth, and it was created by the 17-year-old owner of the StalkDaily website. More information can be found in the comment thread to a Network World post I put up detailing the attack, or in the post itself. By evening, Twitter claimed to have closed the security hole."

Comment Re:this isn't exactly new (Score 1) 214

by praxim on Sunday September 10, 2006 @09:48PM (#16078270) Attached to: Vista Runs Hot on Macbook Pro

Uh... what?

Comment Re:Real Identity? (Score 1) 740

by wenck on Thursday December 15, 2005 @10:25AM (#14263772) Attached to: No More Internet Anonymity

Highly dependent on your setup. Your scenario is similar to setting up procmail to gpg sign and return anything you send me. While it is possible, it would be stupid to configure a system as such.

Slashdot Top Deals