View all newsletters
Sign up to our newsletters

Support 110 years of independent journalism.

  1. Politics
21 September 2010updated 27 Sep 2015 2:12am

Twitter hover hack causes havoc

Site is slow to plug security loophole.

By Jason Stamper

A security flaw in the latest version of the popular Twitter social networking user interface is causing havoc with the service, with the former PM’s wife Sarah Brown among thousands who have been hit by the flaw.

The bug is a further embarrassment for Twitter just a week after the new user interface was launched. It affects only those using Twitter directly, not those who access their Twitter account via third-party sites such as TweetDeck.

Sarah Brown, who has well over a million followers on Twitter, “sent” a link from her Twitter account that redirected users to a hardcore pornographic website.

The link will have been sent out from her account without her knowledge, as hackers have been able to exploit a scripting loophole in Twitter status updates which means that when you hover your mouse over malicious tweets, a particular function can be carried out — from redirecting you to another website, to sending out further messages without your knowledge, or worse.

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via saturdayread.substack.com The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via morningcall.substack.com Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via thesalvo.substack.com Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
THANK YOU

“While most examples of the ‘onmouseover’ security flaw seem to be people playing around with code without specific malicious aim, there have already been numerous cases reported today of porn and shock site redirects, along with profile corruption and various other side effects,” said Christopher Boyd, senior threat researcher at GFI Software.

“While there’s a possibility that bad actors may use this to direct end-users to malware and phish pages, I’d like to think Twitter will have this under control before that happens. However, we are surprised that Twitter has not suspended the main twitter.com website while it works on a fix.”

UPDATE: Twitter has just announced that the loophole has now been closed and there shouldn’t be any more “onmouseover” attacks.

Jason Stamper is the editor of Computer Business Review and NS technology correspondent.

Content from our partners
Labour's health reforms can put patients first
Data science can help developers design future-proof infrastructure
How to tackle the UK's plastic pollution problem – with Coca-Cola

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via saturdayread.substack.com The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via morningcall.substack.com Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via thesalvo.substack.com Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.
THANK YOU