Twitter Chaos Resolved
Many people in the Twitter community received a shock on Tuesday morning when they logged in to their Twitter accounts. They discovered spam messages, bizarre pop-ups and, in some cases, hard core pornography. What was going on with the popular site?.
It seems that a major gap in the Twitter security system was being exploited. Malicious links popped up on countless numbers of accounts, passed along from one Tweeter to another. Unlike most computer attacks, users could initiate the online chaos without having to actually click on a malevolent link. In this case all it took was simply hovering their mouse over an offending link..
How was the system compromised? Whenever a web site makes it possible for their users to post text to the site in the form of messages, comments, or similar entries, the possibility exists that ill-intentioned hackers will insert malicious code instead. Online businesses have become aware of this problem and place safeguards in their systems to make sure this kind of code won’t be able to run amok. Twitter is no exception. Twitter’s programmers guard their site against many different types of attacks. However a recent security system revision inadvertently made the site vulnerable. On Tuesday morning, someone identified that vulnerability in the security system and jumped on it.
This opening, which was patched up within a few hours, was not actually a hack. Hacking is breaking into another computer. However in this case the intruders exploited JavaScript, a quite popular online programming language. As a result of an error in the manner that Twitter handled messages, it became possible for users to include JavaScript in tweets. The JavaScript could then do just about anything, including forwarding more JavaScript-containing tweets..
Although disturbing, there is also a silver lining to the story of the attack. The new Twitter web site design, already made available to some Twitter users, proved immune to this bug. Applications developed by third parties also handled the problem with very little difficulty. Only those using the standard interface were victimized.. Hopefully this demonstrates that Twitter’s updated interface includes added security. Twitter says that they expect to move all users to the new design in the very near future.
