International Telecommunication Union   ITU
Site Map Contact us Print Version
 Friday, 28 August 2009

A vulnerability in Twitter Inc.'s popular microblogging service remains unfixed and can be used by criminals to hijack accounts or redirect users to malicious Web sites, a developer claimed today. The cross-site scripting bug in Twitter allows hackers to insert malicious JavaScript into tweets simply by adding code to a field of an API used by third-party Twitter application developers.

A software developer, a U.K.-based search optimization specialist, Slater recommended that, until Twitter patches the vulnerability, users should stop following any Twitterers they don't personally know or trust. "Who's to say they're not already stealing your details? If you don't see their tweets, they can't harm you,"


(Source: ComputerWorld)

Full story