Social Networks Technology

Twitter Hit With Second Worm In a Week

adeelarshad82 writes "Days after a site update unleashed a Twitter cross-site scripting attack, the micro-blogging site was again hit with a bug that spread via questionable links. The offending messages appeared on a user's Twitter feed with 'WTF:' followed by a link. If you clicked on that link, you were taken to a blank page, but behind the scenes, the worm would post vulgar messages on your account that discussed, well, sex involving goats."

  • by Yvan256 ( 722131 ) on Monday September 27, 2010 @02:51PM (#33714962) Homepage Journal

    What about stopping that stupid cross-domain mess and only allowing subdomains to be used? Sure it's going to break a lot of things (including banners...), but it would solve a lot of problems.

  • And as I said above... if I see a link that's immediately followed by some spam about leisure activities with barnyard animals, I'm gonna question that link.

    Playing whack a mole with stuff like antivirus, antispam, antiwhatever suggests your operating system is broken

    I agree that all of the above are a waste of time - you can't keep up. But you also can't blame the OS because it's no more capable of keeping up (unless it's a true walled garden - which works well for some people.) than OS vendors are. My point - and I don't see how it was missed - was that "security" vendors will jump on this bandwagon claiming that they can "fix" this problem when it's a problem that can only be solved via user education.

    (What I didn't say is that's also no solution at all. Users - rightfully I feel - don't want to be educated extensively in security practices when from their perspective they're using a simple tool.)

    The user uses the internet as intended, the developers, not so much.

    I agree. This exploit could just as easily be done without XSS. Someone clicks a link that says "check this out", which in turn does an HTTP redirect to a GET URL that does the exact same thing. No script required.

    But there's also no OS currently in existence that can prevent this. Users click links, often blindly. Just because it's not fair that they need to do so intelligently doesn't change the fact that they must be responsible for what they click on.
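
The comment above notes that a clicked link can reach the same posting action through a redirect to a GET URL, with no script involved. The following is an added example, not code from the thread or from Twitter: a server-side check that refuses state changes on GET and requires a same-site origin plus a per-session token. The request shape, field names, origins and token value are assumptions constructed for illustration.

```javascript
// Added example: request shape, field names and sample values are constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Compare tokens without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Origin of a URL string, or null when it is missing or unparsable.
function originOf(url) {
  try { return new URL(url).origin; } catch (e) { return null; }
}

// Decide whether a request may reach a handler that changes account state
// (here: posting a status). Returns { allowed, reason }.
function authorizeStateChange(req, session, siteOrigin) {
  const headers = req.headers || {};
  const method = String(req.method || "").toUpperCase();
  // A followed link or an HTTP redirect arrives as GET, so GET must never write.
  if (SAFE_METHODS.has(method)) return { allowed: false, reason: "safe-method" };
  // Prefer the Origin header, fall back to Referer, reject when neither matches.
  const origin = headers.origin || originOf(headers.referer);
  if (origin !== siteOrigin) return { allowed: false, reason: "cross-site" };
  // The per-session token is a value a third-party page cannot read.
  const token = (req.body || {}).csrfToken;
  if (!constantTimeEqual(token, session.csrfToken)) return { allowed: false, reason: "bad-token" };
  return { allowed: true, reason: "ok" };
}

const SITE = "https://app.example";
const SESSION = { csrfToken: "c0nstructed-sample-token" };
const SAMPLES = [
  { method: "GET", headers: { referer: "https://short.example/x" }, body: {} },
  { method: "POST", headers: { origin: "https://other.example" }, body: { status: "hi" } },
  { method: "POST", headers: { origin: SITE }, body: { status: "hi", csrfToken: "wrong" } },
  { method: "POST", headers: { origin: SITE }, body: { status: "hi", csrfToken: SESSION.csrfToken } },
];

// Run every constructed request through the check and collect the verdicts.
function demo() {
  return SAMPLES.map((r) => authorizeStateChange(r, SESSION, SITE).reason);
}
console.log(demo());
```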
