Think before you Tweet - Twitter under phishing again - Now Solved
How phishing spreads. This shows a previous phishing scheme; in the present case, hovering the mouse directs the user to other websites.
Phishing is not new to Twitter. In February of this year there were reports of phishing attacks on Twitter in which many high-profile Twitter accounts were compromised. Now here comes another set of phishing attacks on Twitter.
A news report by the BBC reads:
"Twitter has patched a flaw in its website that was being exploited to pump out pop-up messages and links to porn sites. Initially, users only had to move their mouse over a message containing a link - not click it - to open it in the browser. The code was spread by worms, self-replicating, malicious pieces of code.
Thousands of users were caught out by the flaw, including Sarah Brown, the wife of the UK's former Prime Minister. "The exploit is fully patched," Twitter said on its status blog. People using third-party Twitter software - such as Tweetdeck - were unaffected by the problem. The flaw comes just one week after Twitter rolled out a major redesign of its site."
The code exploited what is known as a cross-site scripting (XSS) vulnerability, a flaw in a website that can be exploited by relatively simple code. In the case of the most recent flaw, the command, written in a simple programming language called JavaScript, automatically directed users to another website, some of which contained pornography. Generally there is no legitimate need for JavaScript in a tweet. Twitter should exercise tighter control over what people can tweet so that such incidents can be avoided.
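To make the mouse-over behaviour concrete, here is an added example (not Twitter's code and not part of the original post): a hypothetical tweet renderer that turns links into HTML, first without output escaping and then with it. The sample tweet, the function names and the `example.test` address are constructed for illustration.

```javascript
// Added example: hypothetical tweet renderer, not Twitter's code.
// Constructed sample: the "link" carries a double quote, so a naive renderer
// lets the text after it become a new attribute on the <a> tag.
const SAMPLE_TWEET = 'look http://example.test/"onmouseover="PLACEHOLDER()"/ nice';
const URL_RE = /https?:\/\/\S+/g;

// Escape every character that can end an attribute value or start a tag.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// BEFORE: the matched link text is pasted into href unescaped.
function renderNaive(tweet) {
  return tweet.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Build an anchor only for a parseable http(s) URL; otherwise emit plain text.
function linkOrText(candidate) {
  let url;
  try { url = new URL(candidate); } catch { return escapeHtml(candidate); }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return escapeHtml(candidate);
  // url.href is the normalised form; escape it anyway before it enters markup.
  return `<a href="${escapeHtml(url.href)}" rel="nofollow noopener">${escapeHtml(candidate)}</a>`;
}

// AFTER: every piece of user text is escaped on its way into the page.
function renderSafe(tweet) {
  let out = '';
  let last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    out += escapeHtml(tweet.slice(last, m.index)) + linkOrText(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// List the attribute names on the first <a> tag, a rough check for injected ones.
function anchorAttributes(html) {
  const tag = (html.match(/<a\s[^>]*>/) || [''])[0];
  return [...tag.matchAll(/([a-z-]+)="/g)].map((m) => m[1]);
}

console.log('naive:', anchorAttributes(renderNaive(SAMPLE_TWEET)));
console.log('safe: ', anchorAttributes(renderSafe(SAMPLE_TWEET)));
```

The naive renderer produces a link carrying an extra event-handler attribute, while the escaped version keeps the same text inside the link address and the visible label.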
So what is a phishing attack? Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication (source: Wikipedia).
Solved??
A screen capture of tweets at http://twitter.com/safety (Twitter's safety page).
Twitter, on its blog, tweeted just half an hour before this article was written: "Hear about a Twitter.com security issue involving "moused over links"? We have too. And, we fixed it. For now, check out @safety for more."
So does that mean the problem is solved? Maybe, maybe not. But be careful before tweeting: think before you tweet. That means checking that the address bar shows "twitter.com" before entering your username and password. The same check should be made when logging in to other sites through OAuth.
So users should continue to be on their guard: once an exploit has been found, there will be a raft of hackers looking for new ones or for ways to circumvent the patch. This has been seen in the past: when Twitter said it had fixed a flaw, a new exploit popped up again and again.