Twitter Hacked !!!!

Twitter hacked, sending users to third-party sites



The Twitter social media site has been
hacked, impacting thousands of users of the
popular microblogging site.



The hack of Twitter.com is extra nefarious
because the tweets activate without being
clicked on — it's enough for Web surfers to
move their mouse cursors over them.

According to Mashable, the bug redirects
users to third-party websites without their
consent.

MORE HERE:

http://www.msnbc.msn.com/id/39285873/ns/technology_and_science-security/#

 

Twitter is really a nasty and dangerous place.. I hardly use twitter ...

 

Twitter says it has identified and fixed the hack.

http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched

 

Using the NoScript Firefox extension, which contains powerful anti-XSS protection doesn't help either, because the code is served from twitter.com and most people have already whitelisted the domain.

Source: http://news.softpedia.com/news/XSS-Bug-Wreaks-Havoc-on-Twitter-157339.shtml

 

I would be interested in seeing the code of the parser/filter that Twitter uses when sanitizing user input.

 

All these social networking sites make my skin crawl. Too many people creating an idealised persona of themselves. I find it bizarre unless you're under 21 and then you're forgiven for youthful frivolity

People with 800 + friends and over 1 000 photos etc. They should see a shrink

 

If all those movie stars on Twitter would spend their energy helping us keep our privacy rights, then I'd be impressed.

Otherwise they seem to be just using it for another ego boost.

 

Doritoes, they also mention the modal overlay as being part of the problem. Although it is much loved by web designers, is there any way to turn the ****ed thing off, not just in Twitter but anywhere else?

 

I believe you are referring to css/javascript modal overlays and not prompt/alert/confirm boxes created by the browser. I don't think there is a simply way of turning them off when most users have javascript enabled on Twitter. Even with javascript disabled, a webpage can still hardcode a modal overlay in HTML, and then require that you have javascript enabled to make it go away. You can try and detect this by looking through the div's and seeing which ones have high z-index attributes and use an extension to remove them from the page. This may remove some wanted div's on sites that legitimately use them with a high z-index.

So the answer is that there is not a simply+reliable way, but it is possible to code an extension that could remove the modal overlays like Adblock removes ads.

 

Hint! Hint!

I don't know too much about the stuff but some of these seem to be exploitable!

These actions caused by mouse roll-over even without clicking seem nothing short of .

 

Source:
http://www.ghacks.net/2010/09/21/twitter-patches-porn-site-worm-flaw/

Should mouse-over be banned or are there situations where this is of genuine utility?