Twitter rolling out patch to combat attack

21 Sep 2010

Twitter has identified the ‘onMouseOver’ exploit that is causing havoc on its homepage and is patching the flaw.

“We’ve identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit,” Twitter said in a statement.

“We expect the patch to be fully rolled out shortly and will update again when it is.”

The attack took advantage of Twitter’s main web interface, which had failed to disallow the ‘onMouseOver’ JavaScript event handler.
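An added example, not from the article and not Twitter's code: a hypothetical tweet renderer in JavaScript showing how an unescaped value lets an `onmouseover` attribute into the markup, next to a version that HTML-escapes it. The function names, the URL pattern and the sample tweet are assumptions constructed for illustration.

```javascript
// Added example: hypothetical renderer, not Twitter's implementation.
// Escape every character that can end an HTML text node or attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Assumed, deliberately loose URL pattern: anything up to the next whitespace.
const URL_RE = /https?:\/\/\S+/g;

// Naive version: the matched URL is pasted into href="..." as-is, so a double
// quote inside it closes the attribute and the rest is parsed as new attributes.
function renderNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened version: plain text and URLs are both escaped before they reach
// the markup, so user input can never introduce a tag or an attribute.
function renderSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}" rel="nofollow noopener">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Rough regression check: list on* event-handler attributes that appear
// inside the opening tags of rendered HTML. Expected result for user
// content is always an empty list.
function eventHandlerAttrs(html) {
  const found = [];
  for (const tag of html.match(/<[a-zA-Z][^>]*>/g) || []) {
    for (const m of tag.matchAll(/["'\s](on[a-z]+)\s*=/gi)) {
      found.push(m[1].toLowerCase());
    }
  }
  return found;
}

// Constructed sample tweet; the handler body is inert.
const SAMPLE = 'hover http://example.test/a"onmouseover="void(0)"';

console.log('naive:', eventHandlerAttrs(renderNaive(SAMPLE)));
console.log('safe: ', eventHandlerAttrs(renderSafe(SAMPLE)));
```

Running `eventHandlerAttrs` over rendered output in a test suite catches a regression in the escaping step before it ships.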

The attack tried to redirect users to other websites or automatically repost the tweets when the user simply hovered over an affected tweet.

The tweets involved were in large letters, making it difficult to avoid hovering over them.

The flaw was reported by Sophos, which noted that many users are exploiting this flaw simply for fun, but warned it could be used for cyber crime if ignored.