Twitter Worm Fixed

  /     /     /  
Publicated : 22/11/2024   Category : security

Twitter Worm Fixed


A cross-site scripting flaw that allowed several worms to spread on Twitter has been repaired.


Strategic Security Survey: Global Threat, Local Pain

(click image for larger view and for full photo gallery)
Twitter says that it has fixed a cross-site scripting (XSS) vulnerability that allowed several XSS worms to spread across the site early Tuesday morning.
We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit, the company said in
a status message
posted at 6:25 am PT.
Twenty-five minutes later, Twitter updated the message to say that the fix was complete.
The vulnerability involved improper input cleansing: Twitter failed to deactivate JavaScript code elements in user input. This allowed users to craft malicious tweets that executed when another user allowed his or her mouse arrow to pass over the tweet, sending more infected tweets to the victims followers.
The discoverer of the vulnerablity was a Japanese developer by the name of Masato Kinugawa,
according to The Guardian
. Kinugawas work was then expanded upon by other developers around the world, several of whom created worms that redirect users to adult Web sites.
Graham Cluley, senior technology consultant for Sophos, a U.K.-based security company, notes that
one of the victims was Sarah Brown
, wife of the former British Prime Minister. After being hit by the worm, Browns account included a tweet redirecting visitors to a porn site in Japan.
F-Secure, a security company based in Finland, says that while Twitter may have fixed the problem, it expects problems to continue. Its perfectly possible that there will be more malicious attacks, possibly combining this technique with browser exploits, the company said in
a blog post
.
A week ago, Twitter
introduced re-engineered version of its site
, promising a better user experience.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Twitter Worm Fixed