Update: Twitter has a security hole which is being exploited


Twitter has always had the potential to be a security risk. This is mainly because shared links are trusted, but as most of them are shortened URLs, there is no way to know where a link points.

According to Sophos, links of a particular kind have recently been posted on Twitter. These links usually carry onMouseOver JavaScript code. This means that even if you are just browsing Twitter and move the mouse over such a link, it can end up redirecting you to unwanted pages.

Image Credit: Sophos

I am pretty sure Twitter will close up this security hole. But there are some things we can do to avoid this sort of JavaScript code on a link.

How does it affect your account?

You end up sending links or retweeting a link without permission. This can make using your Twitter account from the website pretty impossible unless you delete the retweeted link.

There is a pop-up. Until now these pop-ups have been harmless, but the potential to infect or redirect to a 3rd party website is there.

Tips for Security with Twitter

  • Ideally this is infecting only accounts of people using Twitter.com website. This means if you are using 3rd party apps you are reasonably safe.
  • Do not click on any tweet which only has a link. Even if this is from an account you trust. The same goes for Direct Messages (DM).

As this is activated even on mouse-over and not just on clicking the link, it is best to avoid visiting Twitter.com. I am sure that because of the re-design a lot of regular users are also visiting Twitter’s website.

Are short URLs a real blind spot when it comes to websites like Twitter or Facebook? A few years ago we hardly clicked on links sent by email. We are more prone to do so nowadays with Twitter and Facebook around. Do drop in your comments and views on this.

3 Comments

R4 September 21, 2010

Thanks for covering this breaking news. I logged in to my account and saw everything is safe now.

Virtual Character September 22, 2010

I have WOT on my browser so every time I click on a link and it points out to be potentially bad, WOT asks if I would like to continue. So for now, I’m good. 🙂

cakes to nellore October 2, 2010

Just checked my account. Looks good to me. I am safe.