* Posts by Tom Graham

1 publicly visible post • joined 26 Feb 2009

Tweet hackers reopen Twitter vuln

Tom Graham

Explanation

Robert Simmons, the proof of concept purposely displays the iframe, as it is not intended to cause any harm by tricking unsuspecting Twitter users. Is that what you meant by "not working in Safari 4"?

"By the time we stumbled on his findings, the exploit no longer worked." - As far as I can tell, the exploit still works. To clarify, visiting http://m.twitter.com usually results in the mobile version of Twitter being displayed, but only until a user has selected the "Standard" view using the link at the bottom of each page. The exploit would then no longer work until the user's cookies are cleared (as Twitter seems to store the standard/mobile preference).
