Twitter's New Mouse-Over Feature Is a Widely Abused Security Loophole


Twitter has fallen prey to hackers seduced by its growing popularity: it has a wicked security loophole for visitors to its newly refreshed website—all it requires you to do is drift your mouse pointer over a malicious link. It's being widely abused.

The hack is simple: all it needs is a link embedded in a tweet. When you visit a profile page on Twitter.com that contains the tweet—either as an official or an unofficial "RT" retweet—and move your mouse pointer over the link, Twitter's code currently attempts a quick preview of the link's contents. And voila: instead of being sent where you think you are going, you could end up with a porn site on your screen.
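To show what a hover-triggered link can and cannot do depending on how the site renders it, here is an added example (not Twitter's code, and written after the fact): a naive renderer that drops tweet text straight into markup, beside a hardened one that escapes the text and only emits plain http(s) anchors. It assumes the hover behaviour comes from tweet text reaching the page as raw markup; the sample tweet is constructed.

```javascript
// Added example, not Twitter's code. Assumption: the hover behaviour stems
// from tweet text being inserted into the page as raw HTML markup.

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Naive renderer: the matched "URL" is pasted verbatim into the href attribute
// and the link text, so a quote inside it ends the attribute early and whatever
// follows becomes a new attribute of the <a> element.
function renderTweetUnsafe(text) {
  return text.replace(/https?:\/\/\S+/g, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened renderer: every piece of tweet text is escaped, a URL match stops at
// any quote or angle bracket, and only http/https URLs become anchors.
function renderTweetSafe(text) {
  const urlRe = /https?:\/\/[^\s<>"']+/g;
  let out = '';
  let last = 0;
  for (const m of text.matchAll(urlRe)) {
    out += escapeHtml(text.slice(last, m.index));
    let parsed = null;
    try { parsed = new URL(m[0]); } catch (_) { /* not a URL: emit as text */ }
    if (parsed && (parsed.protocol === 'http:' || parsed.protocol === 'https:')) {
      out += `<a href="${escapeHtml(parsed.href)}" rel="noopener">${escapeHtml(m[0])}</a>`;
    } else {
      out += escapeHtml(m[0]);
    }
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample: a tweet whose "link" carries a quote and a mouse-over handler.
const SAMPLE_TWEET = 'check this http://example.com/"onmouseover="alert(1) lol';

// Returns true when the rendered markup contains a live onmouseover attribute.
function hasHoverHandler(html) {
  return html.includes('onmouseover="');
}
```

The naive output turns the quoted fragment into an `onmouseover` attribute on the anchor, while the hardened output keeps it as visible, inert text.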

But there's some big potential for abuse here: by redirecting you to a site that contains malicious code, hackers could plant a virus on your machine (particularly if you're an unwitting victim, or not so Net-savvy), or, at the least, launch persistent spam advertising pop-ups.

Twitter is certainly aware of this "mouseover" issue (we've emailed them to check on this) and is probably preparing a fix. Until it does, there are two easy ways to avoid the problem: don't click on a link that looks wrong somehow (some of the more jokey tweets that exploit the loophole conceal the text of a link behind a colored bar, or use extremely large or small font sizes), or simply avoid going to Twitter.com and use a third-party client to access your Twitter feed, as many people do anyway.

The biggest take-away from this news is that now that Twitter is gaining such a big following online, and is emerging as a powerful and useful tool for all sorts of different reasons, it's going to attract the attention of hackers and coding ne'er-do-wells the world over.

To keep up with this news, follow me, Kit Eaton, on Twitter.
