
Twitter Closes Hole After Attack Hits Up To 500K Users

Posted by CmdrTaco
from the hate-when-that-happens dept.
chicksdaddy writes "Twitter closed an ugly cross site scripting hole in its Web page Tuesday morning, but not until a fast moving attack, including at least two Twitter worms, compromised hundreds of thousands of user accounts. At its height, the attacks were hitting 100 Twitter users each second, putting estimates of the total number of victims at around 500,000 according to researchers at Kaspersky Lab."

  • Seriously (Score:5, Insightful)

    by Anonymous Coward on Tuesday September 21, 2010 @03:58PM (#33654804)

    How complicated is it to write somewhat secure software that processes 140 character messages?

    • by MobileTatsu-NJG (946591) on Tuesday September 21, 2010 @04:25PM (#33655210)

      How complicated is it to write somewhat secure software that processes 140 character messages?

      Yeah, they should shorten it to 70 characters and make it twice as secure.

      • by spun (1352)

        But there would be less entropy in 70 character messages. What they need to do is double it to 280, but require every other character to be random. Nobody could hack that!

      • by mlts (1038732) *

        How about allowing for unlimited characters, but store it in a 128-bit MD5 hash? It isn't as secure as SHA-256, but it is close enough for this work.

    • Maybe they hired some old Adobe employees or something. I mean features > security or even features > caution is what they hang up as a poster on the wall at most places. If you make a super simple site that JUST delivers 140 character strings between users, your marketing people's heads would explode. That's just inconceivable that you'd change and upgrade your service nonstop for no reason and add features nobody wants and that don't work.
      • by mark72005 (1233572) on Tuesday September 21, 2010 @05:09PM (#33655744)
        If they were using old Adobe employees, Twitter would start requiring you to update your system every 2 or 3 hours.
        • And Twitter pages would be so resource-intensive they'd make Slashdot pages seem to load fast in comparison. Twitter would eventually require a "fast launch" component that pre-loads Twitter code into your RAM on boot.

      • by NiceGeek (126629)

        "and add features nobody wants" going by the demand for url shortening services, TwitPic, TwitVid, etc, etc. It's obvious there is demand for new features.

        • Re:Seriously (Score:4, Insightful)

          by lennier (44736) on Tuesday September 21, 2010 @06:42PM (#33656524) Homepage

          "and add features nobody wants" going by the demand for url shortening services, TwitPic, TwitVid, etc, etc. It's obvious there is demand for new features.

          And presumably the top of those features would be "allow messages larger than 140 characters so that we can just post the actual URL".

          With a few billion dollars and about 40 years worth of solid development, Twitter might eventually turn into some sort of simple transfer protocol for multipurpose Internet mail...

          • Re: (Score:3, Insightful)

            by cyclomedia (882859)

            Alternatively as they're happy to expand the tweet metadata to include Location, Date, Time, Platform and Color-Of-Socks why not add an extra field to contain an optional Link. The link would not be printed onscreen, instead there would just be a Link icon if the tweet contained a link and the 140 characters would then still be free to describe what the link is linking to

    • Having to deal with XSS myself recently, I have to say that I'm not that shocked. It's really, really hard not to accidentally miss something while you're programming in HTML and leave yourself vulnerable. Google's had issues with it before, most open source solutions have had that vulnerability, and now Twitter has. In a lot of ways I'm more surprised that this is the first one they've had.
      • Re: (Score:3, Informative)

        by psyclone (187154)

        Uh, how hard is it NOT to escape your output?

        Maybe it's difficult to sanitize all of your input, fine. So simply escape it properly on output.

        It's the same thing with SQL injection mitigation: simply use prepared statements and you don't need to worry about the user's input. (Mostly)

        • by shird (566377)

          It's nothing like SQL sanitation, unless you are using pre tags. But that doesn't allow embedded links or formatting.

          Escaping HTML is very difficult, especially when you massage the output a bit (i.e. hash tags and http links). There is also unicode, %20 and &amp style notation, "double escaping" etc.
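
The two comments above (escape on output; the difficulty once links and hashtags are "massaged" in) can be shown side by side. This is an added example, not code from the thread or from Twitter; `renderNaive`, `renderSafe`, `tokenize`, the sample messages and the `/search?q=` path are all assumptions made for illustration.

```javascript
// Added example, not code from the thread or from Twitter.
// All function names, sample strings and the /search?q= path are hypothetical.

// Escape for an HTML text node or a double-quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// BEFORE: "massage" the raw string with chained regex replaces, no escaping.
// The second pass also re-scans markup that the first pass generated.
function renderNaive(raw) {
  return raw
    .replace(/(https?:\/\/\S+)/g, '<a href="$1">$1</a>')
    .replace(/#(\w+)/g, '<a href="/search?q=%23$1">#$1</a>');
}

// AFTER, step 1: split the RAW text into typed tokens. Nothing is escaped yet,
// and generated markup is never fed back into a regex.
const TOKEN_RE = /(https?:\/\/[^\s<>"']+)|(#\w+)/g;
function tokenize(raw) {
  const tokens = [];
  let last = 0;
  for (const m of raw.matchAll(TOKEN_RE)) {
    if (m.index > last) tokens.push({ type: "text", value: raw.slice(last, m.index) });
    tokens.push({ type: m[1] ? "url" : "hashtag", value: m[0] });
    last = m.index + m[0].length;
  }
  if (last < raw.length) tokens.push({ type: "text", value: raw.slice(last) });
  return tokens;
}

// AFTER, step 2: escape each token exactly once, for the context it lands in.
function renderSafe(raw) {
  return tokenize(raw).map((t) => {
    if (t.type === "url") {
      let url;
      try { url = new URL(t.value); } catch { return escapeHtml(t.value); }
      // Defence in depth: only link schemes we expect, everything else is text.
      if (url.protocol !== "http:" && url.protocol !== "https:") return escapeHtml(t.value);
      return `<a href="${escapeHtml(url.href)}" rel="nofollow noopener">${escapeHtml(t.value)}</a>`;
    }
    if (t.type === "hashtag") {
      // URL-encode for the query string, HTML-escape for the visible label.
      return `<a href="/search?q=${encodeURIComponent(t.value)}">${escapeHtml(t.value)}</a>`;
    }
    return escapeHtml(t.value);
  }).join("");
}

// Helper for comparing outputs: how many anchor tags did the renderer emit?
function countLinks(html) {
  return (html.match(/<a /g) || []).length;
}

// Constructed sample messages (not real tweets).
const SAMPLES = [
  'see http://example.test/"data-injected="1', // quote inside URL-looking text
  "docs at http://example.test/page#top",      // fragment that looks like a hashtag
  "AT&T <b>rocks</b> #fail",                   // markup characters in plain text
];
for (const s of SAMPLES) {
  console.log("naive:", renderNaive(s));
  console.log("safe: ", renderSafe(s));
}
```

Keeping the stored message raw and escaping once at render time is also what avoids the "double escaping" case, where `AT&T` would otherwise end up as `AT&amp;amp;T`.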

      • Re: (Score:3, Informative)

        by Idiomatick (976696)
        http://htmlpurifier.org/ [htmlpurifier.org] ? I mean twitter devs could Google the problem I guess.

        And it isn't twitter's first security problem.
    • by Dynedain (141758)

      Not very difficult, unless of course you put the command and control structure within the same information channel as the content, sans escaping or syntax. Then you have the nasty problem of any particular string of characters being content, instructions, or both.

  • Was I too late to the party? I tried the exploit out about 7 hours ago (with the malicious code removed) and it never worked for me. I then went to accounts that were reported infected and couldn't get any results. Was I lucky or just unintentionally more secure somehow?
    • by Celexi (1753652)
      I think it was already fixed by that time.
      • by stepdown (1352479)
        Their post confirming it was fixed came out about that time

        http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched
  • by pablo_max (626328) on Tuesday September 21, 2010 @04:03PM (#33654888)

    Really, I know a lot of people seem to be using twitter, but I just don't get it. Am I too old? Hell, I don't actually know anyone using it. At least I don't think I do.
    Why are people so interested to read an internet based text message? Is it really better than reading a well thought out and reasoned article about something?

    More and more I see on all these tech news sites and blogs that they heard from so and so's tweet that such and such will be released with this and this. Then, all the other news sites link to the first blog who is using twitter as a source of information.
    Since when is a text message a reliable source of information?

    • by stepdown (1352479) on Tuesday September 21, 2010 @04:07PM (#33654942) Journal
      I treat it more as an RSS feed. A lot of people use it to link to full articles, and as a means of just sharing links to information it's great.
      • by metamatic (202216) on Tuesday September 21, 2010 @04:35PM (#33655332) Homepage Journal

        Actually, no, as a means of just sharing links to information it sucks, because you generally can't fit URLs and useful description into 140 characters--so you either have to skip describing the thing you're linking to, or you have to obfuscate the URL through a redirection service.

        Facebook, delicious.com, Tumblr etc are much better ways of sharing links to information.

        • I use it to aggregate a lot of information from feeds of my choosing into one place. RSS does this as well, but the same content is not available and it's not as bite sized and scannable to me.

          Plus it allows me to interact, which RSS does not.
        • by vlm (69642)

          or you have to obfuscate the URL through a redirection service.

          I refuse to click on those, too easy to be goatse'd or rickrolled

          • Re: (Score:2, Insightful)

            by dotgain (630123)
            Never happened to me once. Probably got something to do with not following idiots who post such links.
          • by MrCrassic (994046)
            Then just use a verification service to unmask the trimmed URL.
        • by josgeluk (842109)

          Actually, no, as a means of just sharing links to information it sucks, because you generally can't fit URLs and useful description into 140 characters--so you either have to skip describing the thing you're linking to, or you have to obfuscate the URL through a redirection service.

          Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.

          • by lennier (44736) on Tuesday September 21, 2010 @06:50PM (#33656588) Homepage

            Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.

            Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.

            Tim Berners-Lee cries!

            • Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.

              If they are worth it then the sites can be found another way.

            • Well duh. Or the web site you link to re-engineers its layout without providing back-compatible redirection...

              Anyhow - I store bookmarks in my bookmark collection. Twitter is mostly a way of quickly sharing and discovering ephemeral information, anyways: If I want to keep stuff, I export it from the cloud.

        • by mattack2 (1165421)

          Facebook, delicious.com, Tumblr etc are much better ways of sharing links to information.

          I'm not completely disagreeing with you, but the fact that the messages just come to my phone, rather than having something I have to go out and seek, is convenient.

          Even saying that, I *do* wish I could also/instead have the tweets of each twitter user I follow emailed to me once a day. It'd be even easier to skim that way.

      • by lennier (44736)

        I treat it more as an RSS feed

        So why not use RSS?

        • by Cimexus (1355033)

          Cause most things these days offer a Twitter feed but not many offer RSS. Plus Twitter is two-way.

          I basically just use Twitter as a glorified aggregation service. News headlines from a variety of sites. My ISP's file mirror updates. Updates from bands I follow. Info from online games that I play. Half these organisations don't have RSS feeds, and even if they did, you can't communicate back to them, which is very handy. I even had an issue with my mobile phone provider sorted out via Twitter the other week -

      • Seconded. If you try to follow a lot of people on twitter (in an effort to conform to some social rules and not shun people who you like) then it will become useless except as your own broadcast tool. The trick is to follow enough people who tweet at a rate such that the amount of new stuff to read at the frequency you check twitter isn't under, or over-whelming.

        There, I made it a maths problem and as such will make slashdotters interested in it.

        The good thing about twitter is that you can use it to update

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Yet, you read and post Slashdot comments.

      • by Abstrackt (609015) on Tuesday September 21, 2010 @04:17PM (#33655102)

        Yet, you read and post Slashdot comments.

        It's no fun complaining about something if no one sees or hears you doing it.

        I have a theory that this is also why Facebook and Twitter have gained so much popularity. Half the updates I see on either are complaints about work, chores, some person who won't be named but must be publicly called out on some unspecified charge and/or the weather.

      • by pablo_max (626328)

        Sorry..I fail to see how slashdot and twitter are anything alike. Explain please.
        Are you saying that I can post a comment on someone's twitter account that everyone else can see and then some random douche can make a comment on it? I didn't think twitter was like that at all.

    • by Anonymous Coward on Tuesday September 21, 2010 @04:12PM (#33655024)

      That's not the point. Microblogging isn't blogging. Look, here's some people I follow on twitter

      1) WikiLeaks - they announce new leaks and news articles about em
      2) Bands, e.g. Oceansize tweeted "People of York, be warned we are likely to be opening the doors late. There are fucktonne of problems with this venue.". 65dos also just released a free track!
      3) Comedy stuff, e.g. the chilean_miner account: "Another troubled night. Ramon was mining in his sleep again" or Jesus_M_Christ: "Mesus Christ, I got hacked? I knew it was a mistake to mouseover a link on Judas' Twitter page."
      4) Friends, who talk about their daily lives (these things interest me)
      5) Work colleagues, to see what conferences they're at and what they're working on
      6) Stuff to do with the societies I'm in at uni, like student robotics organising get-togethers and pub trips.

      Try it. Follow your favourite authors, musicians, websites and so forth. It's like a huge aggregated RSS feed with stuff that isn't normally syndicated included.

      • Re: (Score:3, Funny)

        by rueger (210566)
        Twitter = Facebook without all of the crap.

        Well, at least shorter crap.
      • by pablo_max (626328)

        I guess I can see your point with the items you listed. They do seem to be valid use cases.
        I think perhaps the root of the problem is that I can't think of a single person whom I would want up to the minute updates on.
        Still...I can imagine perhaps sporting events or maybe a huge news story while I'm at work or on my mobile and don't have a proper connection handy.

        • by istartedi (132515)

          I can't think of a single person whom I would want up to the minute updates on

          Neither can I. That's why I don't follow anybody who tweets their poops.

        • by PRMan (959735)
          I thought it would be interesting during hockey's free agency period, but it's caused nothing but problems. There have been more false reports this offseason than in the last 20 combined.
        • I can't think of a single person whom I would want up to the minute updates on.

          If this is what all your friends are doing, may I suggest the problem is with them, not the medium?

    • by Culture20 (968837)
      Micro-blogging is not a means of logging extensive information; it's more like a party-line web-based IRC or other chat. Chat to the world, and maybe someone will be listening.
      • by Jedi Alec (258881)

        Yup, it's pretty much IRC, except one's future employer has been provided with a better search engine to find out all the inane crap we spouted 20 years from now ;-)

        • Re: (Score:2, Funny)

          Behold, the Twitter dualism:

          1. All tweets are mindless drivel about what someone ate, the weather, and other trivialities.
          2. Your potential employer will mine this deeply personal information and use it against you.

    • by Anonymous Coward on Tuesday September 21, 2010 @04:22PM (#33655160)

      No, I don't use Twitter. Yes, I see the point of using Twitter. No, I don't go around telling people how great life is without Twitter.

      I'm sure that there are thousands of fantastic services out there, both on the internet and IRL, for which I have no use, and loads of great services for which I can't even envisage a practical use.

      Another thing; your own viewpoints aren't the only ones and are likely to be incorrect or incomplete when thoroughly scrutinized. Deal with it.

      • by Smekarn (1623831)
        The reason why people (such as myself) are so quick to let everybody know that they do not care very much for Twitter or Facebook etc. is not that they feel a need to exhibit their "unique" standpoints or whatever (I personally feel it's the other way around: "Hey! Look at me! I'm hip! I use twitter and facebook! I'm with it!").

        I spend a lot of time bashing Facebook, Twitter and even the concept of Blogging because I'm so god damned tired of everyone talking about it as if it's something new! I mean
    • Not pointless as technology, even if mostly filled with useless stuff.

      Twitter replaces a bit of email and a bit of irc in a web2.0 fashion. Which is: take internet protocols that mostly worked, enhance their functionality (when possible) and put them in a centralized webapp (the "cloud" has to do with the internals of the app's server infrastructure, so "centralized" is the right term). With all pluses and minuses of a monoculture.

      The web2.1 seems to be: instead of webapps sell apps for smartphones instead,

    • by ColdWetDog (752185) on Tuesday September 21, 2010 @04:25PM (#33655214) Homepage
      Hi Gramps! Shuffleboard on the main patio in 15 minutes. See you there.

      Face the facts. Email is for us old people. Twitter is for, well, twits. But that's OK, the nurses are kinda cute and I like not having to get up early in the morning.
    • Re: (Score:3, Insightful)

      Is it really better than reading a well thought out and reasoned article about something?

      I like how you ask this on a site that routinely uses the term "RTFA".

      • To be fair, the summary is still more information than a tweet. It including the title and the link is nearly 600 characters, more than 4 twits. And way more information is available in the fucking article if you choose to read it.

        And to add to that there are many sorted, nested comments that are ranked to enable you to find the most relevant informative posts. Most of which break the 140 character limit.

        None of this is available in twitter. It is not at all conducive to informative discourse nor does it
        • To be fair, the summary is still more information than a tweet.

          To be fair, most people respond to a thread with less than 140 characters worth of unique information in the summary. It's not like we're talking about excerpts that are densely packed. Look at your own post. Here's the pertinent info:

          "Summaries and comments have more information than tweets, therefore Twitter is useless".

          All the other words were used in an attempt to defend against my inevitable rebuttal.

          • Lol. I could point form any essay or debate into "I think that ____" but that defeats the fucking purpose doesn't it.
    • Re: (Score:3, Insightful)

      by Pecisk (688001)

      While Twitter is not Jack Of All Trades as Facebook claims to be for example, it is a very useful tool for information freaks. It really is useful IF used properly - or complete waste of time if not. I use it to get info about a lot of interesting things which I would miss otherwise. No, I don't use it for 'OMG Radiohead rulles'. I also use it for spreading information which can be interesting for others too.

      In fact Twitter IS micro blogging, so in a nutshell, it has mostly those same strengths and weaknesses as

    • by kaiser423 (828989) on Tuesday September 21, 2010 @04:32PM (#33655308)
      Instead of having our captain for the team manage an ungodly email list for game times, updates, notifications, etc, he just has a twitter feed.

      That way, it's hey you're new to the team, subscribe to @MySoccerTeamName and get all the info on when/where our games are, planning for team BBQ's, etc.

      Because someone always changes an email, or someone gets all spam-infected and spews to the whole list or whatever and you have bounces, etc.

      A twitter feed is just dead simple. It's also nice for quick updates; I couldn't make the game, but the captain tweeted a 5-2 win immediately after, so I got to see it.

      It's incredibly nice; no need to visit a webpage or check your email or whatever, it's in a little app that everyone has on their phone or computer or whatever.
      • Re: (Score:3, Insightful)

        by lennier (44736)

        Because someone always changes an email, or someone gets all spam-infected and spews to the whole list or whatever and you have bounces, etc.
        A twitter feed is just dead simple. It's also nice for quick updates; I couldn't make the game, but the captain tweeted a 5-2 win immediately after, so I got to see it.
        It's incredibly nice; no need to visit a webpage or check your email or whatever, it's in a little app that everyone has on their phone or computer or whatever.

        All these things are sensible, but I have two major questions:
        1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?
        2. Why does it have to be limited to 140 characters? People who want publish/subscribe also want to send arbitrary files to all their friends, not just tiny snippets which can't even store a Web-standard URL. Since most people on mobile devices now use data services, there seems to be no rea

        • by phorm (591458)

          1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?

          Probably because nobody has made one, or at least not one that was as easily adoptable.

          2. Why does it have to be limited to 140 characters? People who want publish/subscribe also want to send arbitrary files to all their friends, not just tiny snippets which can't even store a Web-standard URL. Since most people on mobile devices now use data services,

        • by Fex303 (557896)

          1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?

          Because the folks at Twitter made it, and seem to want it that way. Not ideal, but if it had been launched as a protocol it would be basically impossible to get updates and tweaks happening. There's probably a lot more to this, but basically it boils down to the fact that VC sponsored ideas are not likely to become protocols.

          2. Why does it have to be

          • by Zebedeu (739988)

            2. Why does it have to be limited to 140 characters?

            This seems arbitrary, but it's a key part of why Twitter is good. You can't post long, boring diatribes. You have to be snappy and concise.

            Though I agree with you, I always thought the 140 character limit wasn't arbitrary, but a limitation imposed by the fact that many people at the time were getting Twitter updates over SMS.

            I know that's why my friends and I originally got onto Twitter. At that time, mobile internet was expensive and web integration in mobile phones wasn't anything to write home about (for example, most phones wouldn't allow a background service checking your twitter feed on the internet).

            Nowadays, that's changed. I suspect t

        • 1. If it were some kind of e-mail extension, spam would be more of a problem. There are three kinds of Twitter messages. The normal "timeline" messages of people you follow, mentions and direct messages. Spammers can't send you direct messages or appear in your timeline unless you follow them (and spamming you would get you to unfollow them quickly). They can still use mentions, but there's a limit to how many people one mention can include and Twitter has added a "Report a Spammer" tool which takes sp

        • by m50d (797211)
          Since most people on mobile devices now use data services, there seems to be no reason to hamstring serious computer users just to keep up compatibility with a broken historical text-messaging limit.

          You overestimate the rate at which people upgrade their phones. You may be rich, but there are plenty of folks out there using 15-year-old nokias.

    • by slapout (93640)

      "Really, I know a lot of people seem to be using twitter, but I just don't get it. Am I too old?"

      I used to think the same thing until I started playing with it. It's all about who you follow. For instance, I follow Weird Al and every couple of days he posts something funny. And it's also how I found out about a Ustream Q&A that he was doing one day. Back in 2008, I was following Leo Laporte, but instead of tech posts, I was getting commentary on the US presidential elections. So I unfollowed him. It's

    • by Quirkz (1206400)
      I use them to announce updates for my online game. Generally those updates need to be short, or details need to be elsewhere, like on forums, for lengthy discussion. It works fantastically as a way to let people know about changes.

      Technical truth is I post the update on Facebook and let it forward to Twitter. It automatically applies URL shorteners for me, making things even easier.

    • by lmr2020 (1454503)
      I'm 55 and I use Twitter daily. It's a way of catching up quickly with my friends and family without having to visit a Facebook page (which I do not use) or texting (which I also do not use). I follow my favorite musical artists and authors, support various charities and help groups, and get links to many various articles and blogs that interest me.
      • Do you post stuff yourself, so they get to follow you as well? (It is a serious question, specially since you mentioned that you don't text. I might start doing it as well but I can also text)

    • It's pretty useful as a simple common platform for sending/receiving short alerts, like commuter rail updates. You can also use the web URL, e.g. http://twitter.com/VaRailXpress [twitter.com] to check for recent tweets without ever signing up.
    • I agree that it is mostly pointless. However, we use it in a way that I find very useful, but only occasionally. We have an Iridium equipped aircraft that has very limited data connectivity. When we are flying it over the Arctic or Antarctic for our work, we can update people on what we are doing and seeing using Twitter and our very limited data connection on an hourly basis. That means that mom back at home (or program managers, or interested scientists, students, whatever) can monitor what we're doi
    • See Rudy Park, it's the txt generation, which believes that instant information, no matter how shallow, is a good thing and actually faster than the old fashioned slow media... like when an aircraft crashed in Holland, twitterers were very proud that twitter reported it first. Except it didn't. The radio did.

      It fits with a generation raised on txt and very short attention spans. For many, this rant is already far too long. And I say generation, but really mean a group because not all young people are twitter

  • dupe (Score:1, Insightful)

    by Anonymous Coward

    This was covered in the original post this morning. Nothing new in FTA versus the comments in the other one...

  • Obligatory (Score:4, Funny)

    by Anonymous Coward on Tuesday September 21, 2010 @04:14PM (#33655048)

    Twitter closes hole after attack hits up to 500 000 of its users, known as twits.

  • by Starteck81 (917280) on Tuesday September 21, 2010 @04:24PM (#33655202)
    ...gets the worm and then tweets about it. ;-)
  • I thought Twitter was between two holes ... ??

    http://30.media.tumblr.com/hnBdf3xhZn70lld3VLy3gSBUo1_400.jpg [tumblr.com]

  • Isn't it about time Twitter got its own topic icon [jumpstation.ca]?

    .
  • by vlm (69642)

    putting estimates of the total number of victims at around 500,000 according

    What if each text costs ten cents, that's $50K of revenue for the telcos. Since "everyone knows" the actual cost of service is like a million of a cent per text, that's about $50K profit for the telcos.

  • noscript (Score:2, Informative)

    by bhcompy (1877290)
    And this is why I use NoScript. Sweet, sweet XSS protection with large, annoying warning when you come across one.
  • Why all the hate? (Score:3, Insightful)

    by inanet (1033718) on Tuesday September 21, 2010 @06:12PM (#33656272)
    I really don't get the twitter hate.

    I don't like facebook, but I can see its value, particularly if you manage it right and use it to share news and photos with friends and family etc. there are other valuable uses, but I use the example.

    I still don't use it.

    I don't use bebo, or myspace, or facepalm or crotchpunch.

    Doesn't mean I have to hate on them.

    I use twitter in much the same way other people have mentioned. I don't follow twitter shitters. (people who tweet constantly about inane shite) But I do follow people who provide interesting information, along with people I know and a range of news sites from aljazeera to bbc, to the NZ news site stuff, to Scientific American, and a range of others!

    I follow a range of people, and I find twitter useful because I can fire up my smartphone, pull up my twitter client and get a "snapshot of the world" and that's really what it is, any big news event happens, anywhere in the world I would probably put money on the fact I'll hear about it before anyone who isn't on twitter and isn't directly affected.
    XKCD did a great comic about how people could hear about an earthquake via twitter before the actual shockwaves hit them.
    But in short, if you don't want to use twitter, then don't, but all that your raging anti-twitter stance says is "I tried twitter but nobody followed me back"
    So obviously you had nothing to add, therefore thank you for not using the service, you've increased its value already!
    • by apoc.famine (621563) <apoc.famineNO@SPAMgmail.com> on Tuesday September 21, 2010 @09:31PM (#33657928) Homepage Journal
      I had this discussion over some beers with some like-minded friends recently. What we settled on was, "When does it stop?"

      BBS, finger, chat, IRC, email, IMs of 90 flavors, pagers, forums, MySpace, texting, LiveJournal, Blogs, Facebook, Twitter, LinkedIn, etc...

      I think the Twitter hate is because you are hanging around the demographic that's largely filled its quota for "new shit that I have to keep track of". Add in our games, RSS feeds, slashdot, comics, etc., and we've filled our time on the internet. We either have to start purging old methods of communication and old pastimes, or we can't start new ones.

      Right now, there's a large number of us who have thriving communities in enough places that we're not interested in another. It's not just Twitter - that's just the one that we're being pushed the hardest to adopt. And for a lot of us, Twitter doesn't hold a draw. I'm sure you've found some reasons to adopt it. But I don't have time for it. I'm full up.

      Yet here you are, blathering on about how you use Twitter for so many things, how useful it is, blah blah blah.

      Does it make any more sense now why the Twitter hate? We don't care already. Shut up about it. Some of us aren't about to give up something else for Twitter, and we'd need to in order to pay attention to it.

      Our information bandwidth has been exceeded.

      The sooner you and everyone else stops rambling on about The Next Big Thing On The Internet, the sooner we'll stop hating it.

      (For the record, I came here to find technical details about the XSS, for although I don't care about Twitter, the details are important in the grand context of the internet. I just figured since you hadn't figured it out yet, I'd stop and point out why a lot of us hate Twitter. And your post which had nothing to do with the details of this attack is a prime example. We get it. You want to make passionate love to Twitter and have its babies. Yet you come to an article about a hack job, and instead of posting anything interesting about the technical aspects, you post a totally unrelated bit of flamebait about "Twitter Hate". That's why we hate Twitter. People doing what you just did. So if it bothers you that we hate your exciting new lover, stop posting shit about your love for Twitter when it's entirely inappropriate.)
      • by minus9 (106327)
        Could you rephrase that in less than 140 characters please. Nobody is going to read all that.
    • by Smekarn (1623831)
      It's not Twitter or Facebook we hate. I'm sure they are perfectly useful services.

      It's the disproportionate, misinformed hype that never seems to go away that makes me want to punch twits in the face.
    • by Ol Olsoc (1175323)
      Why the hate? Twitter and F-book have made the crossover into trendiness. Listening to how awesome they are is about as enjoyable to me as posts about Lindsay Lohan's latest failed drug test. The only difference is I feel kinda sorry for her.

      I get the impression that the people who love People Magazine and OMG are the same people that think Twitter and F-Book are wonderful.

  • This is an old (for the web) type of attack. No web site should be vulnerable to this sort of thing because all web developers (including me) know to sanitize their inputs. If only in order to avoid a Bobby Tables incident [xkcd.com]

  • By my calculations (Score:2, Interesting)

    by ksandom (718283)
    that's ~81 minutes or just under an hour and a half. When was their discovery of the issue? If that's 1.5 hours from becoming aware of the issue to closing it, it's not terrible. What time of day was it at the office doing the maintenance? Was it even in office hours when someone would be there?
  • So, twitter is a bit like IRC. Is there a web interface to an IRC server that works in a similar way to twitter? It seems a bit silly to re-invent a protocol that's like IRC, but with fewer characters per message.

    • Agreed. I was just explaining this to a friend moments before I read your post.

      As for the Twit-Hate noted earlier, (and in every post on /. about the service), appropriation of the octothorpe is irritating, middle-managers convinced that Twit-marketing will solve all their problems is tedious, lame Twits are... twits, but my main complaint is the irritating name. I'm just so tired of all the irritating names... it's enough to make me start to hate the kinds of spiffy technologies that used to bring
