onmouseover

Latest

  • The story behind the Twitter worm

    by Joseph L. Flatley
    09.22.2010

    When we heard about this malicious JavaScript code that hit Twitter yesterday, we were kind of relieved: perhaps it was nature's way of ridding us of celebrity micro-bloggers. But as the day went on, it seemed that even if this were the case, a sordid tale was emerging: apparently the whole thing began with a Norwegian programmer named Magnus Holm, who had experimented with a flaw in Twitter's website that let users execute code on a mouseover. His version of the code simply replicated itself: "The purpose was simply to see if it was possible to create a worm," he told The New York Times, adding that he was surprised it had spread as quickly as it did. "Because it was very easy to delete the Tweet that contained the worm, I expected that everyone would just delete it the moment they realized that they've been 'infected.'" But soon enough, folks were updating the code for malicious purposes, including redirects to spam sites and, perhaps worst of all, Rickrolling. By 8:30 AM President Obama's Press Secretary Robert Gibbs had inadvertently sent the thing out to his followers, and by 10:00 AM (when Twitter had patched the hole) an estimated 200,000-plus users had been hit. Fortunately, it looks like things are back to normal, which reminds us: @justinbieber hasn't tweeted for over twenty-four hours. We hope he's OK!

  • 'Rainbow tweets' start hammering Twitter after onMouseOver exploit discovered

    by Vlad Savov
    09.21.2010

    Oh dear. Some wise guys have discovered a JavaScript exploit in Twitter's web interface, which uses an onMouseOver instruction to hijack your own tweeting voice and force you to say things you don't want to say. Simply put, hovering on some of these colorful new tweets can result in you tweeting out the spammiest spam you ever did tweet. So, as with Tetris, be wary of those blocks of color, they are the harbingers of doom. And until the Twitter crew wrap their brains around sealing this vulnerability off, we'd recommend just using any of the cornucopia of Twitter apps floating about in the webosphere. [Thanks to everyone who sent this in] Update: The Twitgineers are already dealing with the issue and are rolling out a patch that should span the entire Twitterverse before too long.