Earlier today, the Sophos website released a warning about Twitter mouseovers and how some users are exploiting a new security flaw using them. This exploit causes pop-ups and third-party websites to open in your browser just by moving your mouse over the link. Right now most users are using the exploit to create a rainbow effect in their tweets. Because of this "loophole", some users may use it to hide the true content. Below is an example of what some are doing with the flaw.
Potential Threats
As a tech support professional, this is a big deal to me. Before getting into web design, I used to be a technical support research analyst, and before that I did a lot of PC repairs, which included repairing PCs that were infected with all sorts of junk. To me, this is a danger and should not be taken lightly. There are a lot of people out there who just want to hurt others. This exploit could easily go bad for Twitter and their users. There are all sorts of things you could do with this exploit that could cause havoc on a Twitter user’s machine. So be careful when using Twitter’s website to read tweets. If weird things happen, close the pop-ups and get off Twitter’s page right away. If those pop-ups ask you to do something such as "click here" or ask you to download something, DO NOT DO THAT! Just close the pop-up by using the X button that you normally would use to close a window.
From the research I found, Twitter isn’t talking about it, and several sites have asked Twitter for feedback. But Twitter hasn’t gotten back to these requests, and Twitter’s blog hasn’t even made mention of this as of 8:13 AM Central Time on September 21, 2010. I will keep looking into this, and if I find any more or I find out this has been fixed, I will let everyone know.
So in the meantime, I would stay away from using Twitter’s website and use third-party apps such as Hootsuite or TweetDeck, since they do not seem to be affected by this security flaw.
For more details about the security flaw, please check out "Twitter ‘onmouseover’ security flaw widely exploited".
News Source: Sophos
Image Credit: Sophos screenshot, bird in the pool
That was really a major security flaw on Twitter, but I think it's fixed now. This bug in Twitter came in front when a guy tried to put JavaScript in Twitter and it worked. After that, this dirty trick was picked up by spammers and they drove thousands of visitors to their sites within minutes.