Twitter Bug or XSS Attack: Seems to be Getting have Gotten Fixed

"Twitter under attack by 'mouseover bug' "
Yahoo! News (September 21, 2010)

"Twitter came under attack on Tuesday as hackers exploited a security flaw to wreak havoc on the microblogging service.

"Computer security firms said thousands of users, or more, were affected by the bug, which appears to send out or 're-tweet' messages simply by rolling over an infected link with the computer mouse.

"Those hit by the bug included Sarah Brown, the wife of the former British prime minister who has over one million followers on Twitter, and White House press secretary Robert Gibbs.

" 'My Twitter went haywire - absolutely no clue why it sent that message or even what it is... paging the tech guys,' Gibbs wrote on @presssec.

"Twitter said it had identified the attack and was working on a solution...."

Here's what the Lemming read on the Twitter website.

"XSS attack identified and patched. 1 hour ago

"We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.

"We expect the patch to be fully rolled out shortly and will update again when it is.

"Update (6:50 PDT, 13:50 UTC): The exploit is fully patched."

In the meantime, the Lemming will be careful about rolling over links in Tweets. Particularly blank ones.

Back to the Yahoo! article:

"...Cluley said the bug was allowing messages to pop-up and third-party websites to open in a Web browser including links to pornography sites.

"He said that in Sarah Brown's case her 'Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan.'..."

The "bug" sounds more like malware to the Lemming, but - well, as I've explained before, I'm "apathetic" only in a certain sense of the term.