Earlier today the Sophos website released a warning about a Twitter mouseover flaw and how some users are exploiting it. The exploit causes popups and third-party websites to open in your browser just by moving your mouse over a link. Right now most users are using the exploit to create a rainbow effect in their tweets, but because of this "loophole" some users may use it to hide the true content of a tweet. Below is an example of what some are doing with the flaw.
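To make the mechanism concrete, here is an added example (not code from Sophos, Twitter or this post's author) of how a flaw of this kind arises and how it is prevented. It models tweet rendering as simple string concatenation, which is a hypothetical simplification rather than Twitter's actual code; the tweet text is constructed for illustration. A URL containing a double quote closes the `href` attribute early, so everything after it becomes new attributes on the `<a>` tag, including an inline `onmouseover` handler (here the harmless colour change behind the rainbow effect). Escaping the attribute value and restricting the link scheme removes the problem, and a small check flags inline handlers in rendered markup.

```javascript
// Constructed sample tweet (not a real one): a "link" whose path contains a
// double quote followed by an inline event-handler attribute.
const CONSTRUCTED_TWEET =
  'http://example.com/"onmouseover="this.style.color=\'red\'';

// Vulnerable rendering (hypothetical): the URL is dropped straight into the
// attribute, so the embedded quote terminates href and the rest of the text
// is parsed as new attributes on the <a> element.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Escape the characters that change meaning inside HTML text and
// double-quoted attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Allow only plain http(s) URLs to become clickable; anything else is
// rendered as inert text.
function isSafeHttpUrl(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch (e) {
    return false;
  }
}

// Hardened rendering: scheme check plus attribute escaping. The quote in the
// sample becomes &quot;, so the browser never sees a second attribute.
function renderLinkSafe(url) {
  const text = escapeHtml(url);
  if (!isSafeHttpUrl(url)) return text;
  return '<a href="' + text + '">' + text + '</a>';
}

// Defensive check for reviewers or a response scanner: does any tag carry an
// inline on* event-handler attribute? A quote or whitespace before "on"
// covers both the normal case and the no-space case produced above.
const INLINE_HANDLER = /<[^>]*["\s]on[a-z]+\s*=/i;
function hasInlineHandler(html) {
  return INLINE_HANDLER.test(html);
}

// Stand-alone demonstration.
console.log('unsafe:', renderLinkUnsafe(CONSTRUCTED_TWEET));
console.log('safe:  ', renderLinkSafe(CONSTRUCTED_TWEET));
console.log('handler in unsafe?', hasInlineHandler(renderLinkUnsafe(CONSTRUCTED_TWEET)));
console.log('handler in safe?  ', hasInlineHandler(renderLinkSafe(CONSTRUCTED_TWEET)));
```

The escaping step is the real fix; the scheme check is a separate layer that keeps `javascript:` links from ever becoming clickable, and the regex check is a cheap signal for spotting this class of problem in output, not a substitute for fixing the rendering.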
As a tech support professional this is a big deal to me. Before getting into web design, I used to be a technical support research analyst, and before that I did a lot of PC repairs, which included repairing PCs that were infected with all sorts of junk. To me, this is a danger and should not be taken lightly. There are a lot of people out there who just want to hurt others. This exploit could easily go bad for Twitter and its users. There are all sorts of things you could do with the exploit that could cause havoc on a Twitter user's machine. So be careful when using Twitter's website to read tweets. If weird things happen, close the popups and get off Twitter's page right away. If those popups ask you to do something such as "click here" or ask you to download something, DO NOT DO THAT! Just close the popup by using the X button that you normally would use to close a window.
From the research I found, Twitter isn't talking about it. Several sites have asked Twitter for feedback, but they haven't gotten back to these requests, and Twitter's blog hasn't even mentioned this as of 8:13 AM Central time on September 21, 2010. I will keep looking into this, and if I find any more or find out this has been fixed I will let everyone know.
For more details about the security flaw please check out "Twitter 'onmouseover' security flaw widely exploited".
News Source: Sophos