Twitter Closes Hole After Attack Hits Up To 500K Users
chicksdaddy writes "Twitter closed an ugly cross-site scripting hole in its Web page Tuesday morning, but not until a fast-moving attack, including at least two Twitter worms, compromised hundreds of thousands of user accounts. At its height, the attacks were hitting 100 Twitter users each second, putting estimates of the total number of victims at around 500,000 according to researchers at Kaspersky Lab."
Re:Interesting, yet pointless (Score:5, Informative)
That's not the point. Microblogging isn't blogging. Look, here's some people I follow on twitter
1) WikiLeaks - they announce new leaks and news articles about 'em
2) Bands, e.g. Oceansize tweeted "People of York, be warned we are likely to be opening the doors late. There are fucktonne of problems with this venue.". 65dos also just released a free track!
3) Comedy stuff, e.g. the chilean_miner account: "Another troubled night. Ramon was mining in his sleep again" or Jesus_M_Christ: "Mesus Christ, I got hacked? I knew it was a mistake to mouseover a link on Judas' Twitter page."
4) Friends, who talk about their daily lives (these things interest me)
5) Work colleagues, to see what conferences they're at and what they're working on
6) Stuff to do with the societies I'm in at uni, like student robotics organising get-togethers and pub trips.
Try it. Follow your favourite authors, musicians, websites and so forth. It's like a huge aggregated RSS feed with stuff that isn't normally syndicated included.
Re:Seriously (Score:3, Informative)
Uh, how hard is it NOT to escape your output?
Maybe it's difficult to sanitize all of your input, fine. So simply escape it properly on output.
It's the same thing with SQL injection mitigation: simply use prepared statements and you don't need to worry about the user's input. (Mostly)
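The escape-on-output point from the comment above, as an added example that is not part of the original thread and is not Twitter's code: a message renderer that auto-links URLs, once with raw concatenation and once with every value escaped where it enters the HTML. All function names and the sample message are constructed for illustration.

```javascript
// Escape the characters that can end a text node or a quoted attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Split a message into plain-text and URL segments (simple auto-linking).
function tokenize(message) {
  const parts = [];
  const re = /https?:\/\/\S+/g;
  let last = 0, m;
  while ((m = re.exec(message)) !== null) {
    if (m.index > last) parts.push({ type: "text", value: message.slice(last, m.index) });
    parts.push({ type: "url", value: m[0] });
    last = m.index + m[0].length;
  }
  if (last < message.length) parts.push({ type: "text", value: message.slice(last) });
  return parts;
}

// BEFORE: user-controlled text is concatenated straight into markup, so a
// double quote inside the "URL" closes href and the rest becomes attributes.
function renderUnsafe(message) {
  return tokenize(message).map((p) =>
    p.type === "url" ? `<a href="${p.value}">${p.value}</a>` : p.value
  ).join("");
}

// AFTER: the stored message is left untouched; each segment is escaped at the
// moment it is written into an attribute value or a text node.
function renderSafe(message) {
  return tokenize(message).map((p) => {
    const v = escapeHtml(p.value);
    return p.type === "url" ? `<a href="${v}" rel="nofollow">${v}</a>` : v;
  }).join("");
}

// Constructed sample: a link carrying a quote and an event-handler attribute.
const sample = 'look http://example.test/#"onmouseover="alert(1)"/ & <b>hi</b>';
console.log(renderUnsafe(sample));
console.log(renderSafe(sample));
```

In the safe output the only raw double quotes left are the ones the template itself wrote, which is a convenient property to assert in a regression test for any renderer of this kind.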
noscript (Score:2, Informative)
Re:Interesting, yet pointless (Score:4, Informative)
Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.
Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.
Tim Berners-Lee cries!
Re:Seriously (Score:3, Informative)
And it isn't twitter's first security problem.