The Business Intelligence Blog

Slicing Business Dicing Intelligence


Cross-Site Scripting takes over Twitter  


Cross-site scripting is becoming a common security vulnerability in online services, and Twitter, which allows 140 characters per tweet, was no exception.

The worms exploit a common vulnerability in Web applications called cross-site scripting, which allows someone to inject code into Web pages others are viewing.

In this instance, Twitter users who clicked on the name or image of anyone sending the worm messages would get infected and then send the message on to all that person’s followers. Anyone viewing an infected user’s profile would also get infected and pass the worm on.

“What we’re seeing was it was possible for codes to be embedded, small pieces of JavaScript, into people’s profiles. This should be fairly elemental to filter out,” he said.

While the attacks were mostly a nuisance, they could have been dangerous if spyware or other malware had been downloaded onto Twitter users’ computers, Cluley said.

To avoid such JavaScript-based attacks, you can turn off JavaScript in your browser. Instructions for doing this are here. You can also use utilities such as NoScript, an open-source Firefox extension, Hayter recommended.
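
The remark quoted above says the JavaScript embedded in profiles should have been filtered out on the server side. The following is an added example, not Twitter's code and not part of the original article, showing one way to encode user-supplied profile fields for the HTML context they land in. The field names (`name`, `bio`, `url`) and the sample profile are assumptions constructed for illustration.

```javascript
// Added example: output-encode user-supplied profile fields before they reach HTML.
// Field names and the sample profile below are constructed, not taken from Twitter.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) links; javascript:, data: and unparseable values are dropped.
function safeHref(value) {
  try {
    const u = new URL(String(value).trim());
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (_) {
    return null; // not a parseable absolute URL
  }
}

// Render a profile card; every user-controlled value is encoded for its context.
function renderProfile(profile) {
  const href = safeHref(profile.url);
  const link = href
    ? `<a rel="nofollow noopener" href="${escapeHtml(href)}">${escapeHtml(href)}</a>`
    : '';
  return `<div class="profile"><h2>${escapeHtml(profile.name)}</h2>` +
         `<p>${escapeHtml(profile.bio)}</p>${link}</div>`;
}

// Constructed input: markup in the name, an attribute break-out attempt in the URL.
const sample = {
  name: '<script>alert(1)</script>',
  bio: 'Tweets about BI & data',
  url: 'http://example.com/"><script>alert(1)</script>',
};
console.log(renderProfile(sample));
```

Encoding at output time, per context, is what keeps the stored value inert; the scheme check matters because an escaped `javascript:` link would still execute when clicked.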


Written by Guru Kirthigavasan

April 13th, 2009 at 8:05 pm