When the Bird Flies Through the Loophole

Security is a topic we return to often on this blog, and unfortunately yesterday gave us another reason. Twitter's redesign brought some great features, but one weakness in the site was exploited by malicious users. Yesterday morning, merely moving your mouse over a crafted tweet on Twitter.com ran script planted by the tweet's author, which could redirect you to sites full of spam, malware and NSFW content without a click. Twitter referred to the hole as "onMouseOver," after the HTML mouseover event handler that the injected script was attached to.

From Twitter’s blog:

The short story: This morning at 2:54 am PDT Twitter was notified of a security exploit that surfaced about a half hour before that, and we immediately went to work on fixing it. By 7:00 am PDT, the primary issue was solved. And, by 9:15 am PDT, a more minor but related issue tied to hovercards was also fixed.

The longer story: The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted website into another one. In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user.

We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.

Incidents like "onMouseOver" are hard for a technology consumer to avoid, but developers can test for this class of bug before curious users with too much time and a taste for mischief find it. The rule is simple to state and easy to get wrong: every piece of user-supplied text must be escaped for the exact HTML context it lands in (element body, attribute value or URL), and the test suite should feed the renderer strings containing quotes, angle brackets and event-handler names to confirm they come out as harmless text rather than markup. It is the same for every technology professional: we have a duty to look for loopholes before they grow to the size of train tunnels.
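To make the bug class Twitter describes concrete, here is an added example (not Twitter's code, and not the string used against Twitter): a hypothetical tweet renderer that auto-links URLs. The first version escapes the surrounding text but drops the matched URL raw into the anchor, so a double quote inside the "URL" closes the href attribute and lets the author append an onmouseover= handler that runs in every viewer's browser. The hardened version beside it escapes for context and parses the URL before linking it. The helper names, the PAYLOAD string and the regression check are all constructed for this example.

```javascript
// Added example, not Twitter's code: a hypothetical tweet renderer that
// auto-links URLs. The first version has the attribute-breakout bug behind
// an "onMouseOver"-style injection; the second escapes for context.

// Escape the characters that can change meaning in HTML text or inside a
// double- or single-quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Anything that looks like an http(s) URL, up to the next whitespace.
const URL_RE = /https?:\/\/\S+/g;

// VULNERABLE: the surrounding text is escaped, but the matched URL is
// dropped raw into the href attribute and the link body. A double quote
// inside the "URL" closes href and lets the tweet author add attributes,
// such as an onmouseover= handler, to the anchor every viewer renders.
function renderTweetVulnerable(text) {
  let html = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    html += escapeHtml(text.slice(last, m.index));
    html += `<a href="${m[0]}">${m[0]}</a>`;
    last = m.index + m[0].length;
  }
  html += escapeHtml(text.slice(last));
  return `<p class="tweet">${html}</p>`;
}

// HARDENED: the URL is run through the WHATWG URL parser (which percent-
// encodes quotes and other unsafe characters in the path), only http(s) is
// accepted as a link target, and every fragment is escaped for the context
// it lands in: attribute value and element body alike.
function renderTweetSafe(text) {
  let html = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    html += escapeHtml(text.slice(last, m.index));
    const raw = m[0];
    let href = null;
    try {
      const parsed = new URL(raw);
      if (parsed.protocol === 'http:' || parsed.protocol === 'https:') href = parsed.href;
    } catch (e) {
      // Not a URL the browser would accept: render it as plain text.
    }
    html += href
      ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(raw)}</a>`
      : escapeHtml(raw);
    last = m.index + m[0].length;
  }
  html += escapeHtml(text.slice(last));
  return `<p class="tweet">${html}</p>`;
}

// Regression check for a test suite: does the rendered markup contain an
// on*= event-handler attribute or a javascript: scheme that the template
// never wrote itself? Browsers accept an attribute directly after a closing
// quote with no space, so the check does not insist on whitespace first.
function hasInjectedHandler(html) {
  return /(^|[\s"'<])on[a-z]+\s*=/i.test(html) || /javascript:/i.test(html);
}

// Constructed payload (not the string used against Twitter): a "URL" whose
// quote ends the href attribute and starts an onmouseover handler.
const PAYLOAD = 'nice post http://example.com/"onmouseover="alert(document.cookie)" thanks';

console.log('vulnerable:', renderTweetVulnerable(PAYLOAD));
console.log('hardened:  ', renderTweetSafe(PAYLOAD));
```

Running it prints the two renderings side by side: the vulnerable one carries a live onmouseover attribute on the anchor, while the hardened one shows the quotes as &quot; in the link text and as %22 in the href, so the browser sees nothing but a link. The hasInjectedHandler check is a cheap tripwire for a test suite, not a substitute for escaping; the fix is the contextual escaping in renderTweetSafe.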

How are you analyzing your technology for possible loopholes? Share below in the comments.
