Wednesday, September 22, 2010

'Rainbow Tweets' OvertakeTwitter Website

Some 1 million Twitter users, or about 1% of the total, were besieged with so-called "Rainbow Tweets" Tuesday, September 21st. The tweets exploited a flaw in Twitter's coding which allows hackers to issue commands to users' browsers in JavaScript with the "onmouseover" command.

A 17-year-old Australian highschool student claims to have inadvertently discovered the exploit while analyzing a Japanese user's multicolored background. When he alerted others to the exploit, by way of a demo which displayed the phrase "uh oh" on mouse-over, the exploit quickly spread throughout the hacker community. The student said he started seeing auto-retweeting scripts within half an hour.

Many of the malicious hacks merely redirected users to hardcore pornography sites, but others were worms. One of the most high-profile user accounts to be compromised was Sarah Brown's, wife of former British PM, Gordon Brown.

Twitter was made aware of the issue early on and managed to patch the exploit quickly, but this was not the first time it had happened. The exploit was discovered and repaired several weeks earlier, but reappeared following an update.

© C Harris Lynn, 2010

No comments: