Twitter Closes Hole After Attack Hits Up To 500K Users

chicksdaddy writes "Twitter closed an ugly cross-site scripting hole in its Web page Tuesday morning, but not until a fast-moving attack, including at least two Twitter worms, compromised hundreds of thousands of user accounts. At its height, the attacks were hitting 100 Twitter users each second, putting estimates of the total number of victims at around 500,000 according to researchers at Kaspersky Lab."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Tuesday September 21, 2010 @04:12PM (#33655024)

    That's not the point. Microblogging isn't blogging. Look, here's some people I follow on twitter

    1) WikiLeaks - they announce new leaks and news articles about em
    2) Bands, e.g. Oceansize tweeted "People of York, be warned we are likely to be opening the doors late. There are fucktonne of problems with this venue.". 65dos also just released a free track!
    3) Comedy stuff, e.g. the chilean_miner account: "Another troubled night. Ramon was mining in his sleep again" or Jesus_M_Christ: "Mesus Christ, I got hacked? I knew it was a mistake to mouseover a link on Judas' Twitter page."
    4) Friends, who talk about their daily lives (these things interest me)
    5) Work colleagues, to see what conferences they're at and what they're working on
    6) Stuff to do with the societies I'm in at uni, like student robotics organising get-togethers and pub trips.

    Try it. Follow your favourite authors, musicians, websites and so forth. It's like a huge aggregated RSS feed with stuff that isn't normally syndicated included.

  • Re:Seriously (Score:3, Informative)

    by psyclone ( 187154 ) on Tuesday September 21, 2010 @05:12PM (#33655764)

    Uh, how hard is it NOT to escape your output?

    Maybe it's difficult to sanitize all of your input, fine. So simply escape it properly on output.

    It's the same thing with SQL injection mitigation: simply use prepared statements and you don't need to worry about the user's input. (Mostly)
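
Added example, not part of the comment above and not Twitter's code: a hypothetical message renderer that turns URLs into links, first without output escaping and then with it, plus the prepared-statement storage the comment compares it to. The function names, table layout and sample message are constructed for illustration.

```python
import html
import re
import sqlite3

URL_RE = re.compile(r'https?://\S+')  # only http(s) URLs are ever linked

def render_unsafe(text):
    # 'Before' version: stored text and URL go into the page untouched.
    return URL_RE.sub(lambda m: '<a href="%s">%s</a>' % (m.group(0), m.group(0)), text)

def render_escaped(text):
    """Escape at output time: every piece is encoded before it enters the HTML."""
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()], quote=True))
        url = html.escape(m.group(0), quote=True)  # '"' becomes &quot;
        out.append('<a href="%s">%s</a>' % (url, url))
        pos = m.end()
    out.append(html.escape(text[pos:], quote=True))
    return ''.join(out)

def store_and_fetch(text):
    """Prepared statement: the message is bound as data, never spliced into SQL."""
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE msgs (id INTEGER PRIMARY KEY, body TEXT)')
    db.execute('INSERT INTO msgs (body) VALUES (?)', (text,))
    (body,) = db.execute('SELECT body FROM msgs WHERE id = ?', (1,)).fetchone()
    db.close()
    return body

# Constructed sample: a quote inside the "URL" tries to close href and add an
# attribute; the apostrophe would break a string-concatenated INSERT.
SAMPLE = "it's http://example.com/\"onmouseover=\"alert(1) <b>hi</b>"

if __name__ == '__main__':
    stored = store_and_fetch(SAMPLE)   # input is stored as-is, unsanitized
    print(render_unsafe(stored))       # attribute boundary is broken
    print(render_escaped(stored))      # same data, inert in the page
```

The stored value is identical in both cases; only the rendering step differs, which is the comment's point about escaping on output rather than relying on input sanitization.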

  • noscript (Score:2, Informative)

    by bhcompy ( 1877290 ) on Tuesday September 21, 2010 @05:22PM (#33655852)
    And this is why I use NoScript. Sweet, sweet XSS protection with a large, annoying warning when you come across one.
  • by lennier ( 44736 ) on Tuesday September 21, 2010 @06:50PM (#33656588) Homepage

    Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.

    Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.

    Tim Berners-Lee cries!

  • Re:Seriously (Score:3, Informative)

    by Idiomatick ( 976696 ) on Tuesday September 21, 2010 @11:00PM (#33658528)
    http://htmlpurifier.org/ [htmlpurifier.org] ? I mean twitter devs could Google the problem I guess.

    And it isn't twitter's first security problem.
