tagged w/ flaw
-
To put it bluntly, do not download Apple’s FaceTime for Mac beta. It has a major security flaw that endangers your Apple ID.To put it bluntly, do not download Apple’s FaceTime for Mac beta. It has a major... more
-
-
STORY HIGHLIGHTS
When Twitter users "mouse over" a link, the content appears even if they haven't clicked it
Twitter says it is working to address the bug
Sarah Brown, wife of former British Prime Minister Gordon Brown, affected
White House spokesman Robert Gibbs tweets his account has been affected
Thousands -- possibly hundreds of thousands -- of Twitter users have been hit by a security bug that causes potentially dangerous content to appear on computer screens without warning, according to a researcher at the security firm Sophos.
When users of the popular site "mouse over" a link on Twitter.com, the content appears even if the person did not click on it, says Graham Cluley, the researcher, who recommends users avoid Twitter.com until the issue is fixed.
"It's obviously the most natural thing in the world just to move the mouse across the screen," he said in an interview with CNN. "You don't have to click on a link."
The bad links may also be retweeted, or sent to that person's followers, which causes the security flaw to spread across the network.
The bug could be harmless, doing nothing other than taking users to websites that they did not intend to open, Cluley said. But it also could be exploited by hackers who could use the bug to install malicious software on a person's computer, allowing them to collect personal and financial information, he said.
It appears to affect both the new and old versions of Twitter.com, he said. The site recently updated its look and functionality to include links and videos that open within the pages of Twitter's website. Using the site through third-party software, like TweetDeck or Seesmic, should still be safe, he said.
Twitter on Tuesday morning acknowledged the security flaw.
"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit," the company wrote in a blog posted shortly before 10 a.m. ET. "We expect the patch to be fully rolled out shortly and will update again when it is."
That came after several prominent Twitter users appeared to be affected.
Writing on this blog, Cluley says that Sarah Brown, wife of the former British Prime Minister Gordon Brown, was among those affected by the security hole.
"It appears that in Sarah Brown's case her Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan. That's obviously bad news for her followers -- over one million of them," Cluley writes.
Brown posted this follow-up tweet on Tuesday morning:
"don't touch the earlier tweet - this twitter feed has something very odd going on ! Sarah."
White House press secretary Robert Gibbs also tweeted about the situation:
"My Twitter went haywire - absolutely no clue why it sent that message or even what it is...paging the tech guys..." Gibbs wrote on his Twitter feed.
A video posted by Sophos on YouTube shows the bug in action. When the user's mouse hovers over a problematic tweet, he or she automatically is redirected to another website, which could contain malicious or inappropriate material. The user does not have to click the link to activate the bug.
"It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed," Cluley writes on his blog.
It's unclear exactly how the problem started, Cluley said, but a vulnerability in Twitter's code likely has allowed people to stir up the trouble. That flaw may have existed for years, and simply was undiscovered, or it could be new, he said.
"We have seen this kind of thing before -- we've seen worms spreading in a similar way on Twitter before, but it's certainly the largest in recent times," he said.
Users who have been affected should log out of their accounts, disable Java Script and avoid the Twitter.com website until the matter is resolved, Mikko Hypponen, a researcher at the security firm F-Secure, writes on his blog.
"While Twitter's security team is scrambling to close this loophole, we expect problems to continue," Hypponen says.
"It's perfectly possible that there will be more malicious attacks, possibly combining this technique with browser exploits."
http://www.cnn.com/2010/TECH/social.media/09/21/twitter.security.flaw/index.html?iref=NS1STORY HIGHLIGHTS
When Twitter users "mouse over" a link, the content... more
-
-
Microsoft Internet Explorer was once again the weak link in the corporate computing chain, the company revealed this week.
Microsoft's security spokesman called these highly successful attacks a routine, daily occurrence.
[Google has encrypted traffic traveling from PCs to its Gmail web servers and announced it may leave China, if necessary - but it will not continue to censor its search results in China. Microsoft's Steve Ballmer announced Microsoft will stay in China because it can make lots of money there.]Microsoft Internet Explorer was once again the weak link in the corporate computing... more
-
-
There is apparently a dangerous security bug with the Motorola Droid that puts user information at risk. Come on, you knew this day would come Droid owners.There is apparently a dangerous security bug with the Motorola Droid that puts user... more
-
-
The caption under the picture reads:
"The words highlighted above are the perfect summation of how I feel about my father. However, we are bound like a book, and I believe our words, like a novel, are already written. Read this post which is so dear to my heart and let me know your thoughts. I think anyone with a father can relate somehow to this piece. Maybe Ethers, you can give me SOME hope? If we keep using the book analogy...and the picture above....the page is not fully printed. Maybe there's time to add more text to it."
This is a blog that is so touching, so well-written and anyone with a parent can relate to. This is a must-read. Really. Unbelievable. The best post I've read in forever. I cried.The caption under the picture reads:
"The words highlighted above are the... more
-
-
jrn
-
added this
-
2 years ago
- |
-
Life can come and go. The better way to deal with all ups and downs in life is to furnish your mind with inspirational and meaningful sayings that will help lift your spirit up. The message of these sayings can change your life and thinking, but most importantly, they can make you feel motivated and energized.Life can come and go. The better way to deal with all ups and downs in life is to... more
-
