Security is an issue we frequently address on this blog, and unfortunately, it’s time for another look at this popular topic. Twitter’s redesign brought about some great features, but one of the ugly secrets of the redesign was exploited by malicious sources. Yesterday morning, when users rolled over a link on Twitter.com with their mouse, the link opened on its own, sending them to sites ridden with spam, malware and NSFW content. Twitter called the loophole “onMouseOver.”
From Twitter’s blog:
“The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed.
“We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.”
Security issues like the “onMouseOver” incident are hard to avoid as a technology consumer, but developers have the opportunity to test for issues like the one above before curious users with too much time and a hand for mischief come around. It’s the same for all technology professionals: we have a duty to explore all possible loopholes before they become the size of train tunnels.
How are you analyzing your technology for possible loopholes? Share below in the comments.