For the past 24 hours, Twitter engineers have been fighting a gaping hole that makes it easy for hackers to hijack the accounts of users who do nothing more than view a booby-trapped message. So far, the hole is winning. The XSS, or cross-site scripting, bug resides in an application programming interface Twitter provides to …


  1. Moss Icely Spaceport

    What a bunch of twits

    Who's the greater fool?

    The fool, or the fool who follows the fool?

  2. Anonymous Coward

    TwitAPI is simple to use, not a bad thing

    I wouldn't hold out against a simple API (I've sent tweets via a bash script, I know I feel dirty admitting to this, perhaps an Anon posting).

    However, cleaning one element of the submitted info (the post) and failing to clean the other (submitting app) is a careless oversight. Whatever happened to taint mode in Perl? Was that not (copied|adopted) by all the funky PHPythonRails Rich Internet Application development TwoDotOh languages? (definitely anon)

    If they are going to allow a link in the "Submitted by $APP" element of the post, all they need to do is extract the href value, ensure it's well formed, and drop the rest of the tag. Of course, if you have no visible means of support, doing extra work may require the expenditure of money you still aren't earning.
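The sanitising approach this comment describes (keep only a validated href, drop every other attribute, escape the link text), as an added example that is not code from the original article or from Twitter; the sample "Submitted by" values are constructed for illustration.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample values for the "Submitted by $APP" element (not taken from the page).
SAMPLES = {
    "clean": '<a href="http://example.com/app">Example App</a>',
    "event_handler": '<a href="http://example.com/app" onmouseover="alert(1)">Example App</a>',
    "javascript_scheme": '<a href="javascript:alert(1)">Example App</a>',
    "no_link": "plain-text client",
}

# Matches href="...", href='...' or an unquoted href value.
HREF_RE = re.compile(r'href\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))', re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]*>")


def extract_href(source: str) -> Optional[str]:
    """Return the raw href value from the submitted markup, or None if there is none."""
    m = HREF_RE.search(source)
    if not m:
        return None
    raw = next(g for g in m.groups() if g is not None)
    # Decode entities first so an encoded scheme (e.g. java&#115;cript:) is seen as written.
    return html.unescape(raw)


def well_formed_http_url(url: str) -> bool:
    """Accept only absolute http(s) URLs with a host; rejects javascript:, data:, relative paths."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    return parts.scheme.lower() in ("http", "https") and bool(parts.netloc)


def sanitize_source(source: str) -> str:
    """Rebuild the link from scratch: validated href plus escaped text, nothing else survives."""
    text = html.escape(TAG_RE.sub("", source).strip(), quote=True)
    href = extract_href(source)
    if href is None or not well_formed_http_url(href):
        return text  # no usable link: fall back to plain escaped text
    return f'<a href="{html.escape(href, quote=True)}">{text}</a>'


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name}: {sanitize_source(value)}")
```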

  3. Mr Pedantio

    Do what?

    "People who use third party apps to view tweets are less vulnerable, as are those who use Internet Explorer 8 and Firefox with the NoScript plugin. (In this case, a test account we used was successfully attacked using the latest version of IE, and Raff says NoScript isn't likely to fare any better.)"

    So, is it safer to use IE8 or FF+NoScript or not?

  4. Anonymous Coward

    Why the concern?

    Are people worried that their twitter account may be hijacked and used for posting interesting worthwhile messages instead of the usual inane self-indulgent twaddle that makes up 99.999% of the postings on that site?

  5. Anonymous Coward

    I can't wait

    ...until Twitter goes the way of Myspace, falling into relative obscurity because the only people left using it are a bunch of self-loathing tits who think that anyone actually wants to read what they have to say.

    I see very little practical use for twitter (note I am not saying there are NO practical uses for it) other than to distract people from actually having their own lives, by immersing them in the inanity of someone else's.

    Sometimes I wish I grew up in my Dad's generation, where people spent time actually socialising, and riding motorbikes and stuff. When did the definitions of socialising and social networking so horribly diverge?

  6. Blue Pumpkin

    How hard can it be ...

    I mean what is Twitter other than a glorified mailing list, some RSS feeds and a web GUI?

    Not like it's something that's never been attempted.

    Probably run by a load of "we can do it better" and "not invented here" developers ...

  7. Stuart 22

    Hijack Twitter

    I agree anybody with precious time and intellect will find the declared purpose of twitter an insult to humanity.

    However, just regard Twitter as an RSS aggregator with some interesting collateral functionality and it's a good, fast, cheap (as in free) way to disseminate highly focussed news/info as either twits or an RSS feed in its own right.

    After all the net itself was developed to help target nuclear missiles on Russia but was hijacked to do more interesting things (like make money for the Russian mafia). Oh the irony!

  8. André Marques

    Think of the damage!

    Oh no! This terrible threat will surely mean a huge increase in productivity in business everywhere as Twits go back to working instead of reporting on the status of the half-eaten sandwich on the table. And think of the international implications as thousands of new-politicos are suddenly forced to work on political issues instead of connecting to John Doe! We're doomed!

  9. Anonymous Coward

    Is there anything like Twit rehab yet?

