Twitter is again in news (surprise!, anyone).
Another XSS worm hit Twitter creating (good, eh!) publicity of another portal - StalkDaily. The XSS worm exploited improperly escaped profile URL field to re-display the malicious script, in this case - script src="hxxp://mikeyylolz.uuuq.com/x.js - resulting in infecting anyone who visited an infected profile.
Read more on this at: Fsecure
Strangely, that's just a small, noisy show of what XSS can do. It could have become more interesting though, using XSS to quietly infect the end-user systems & build up a botnet force. The possibilities are limitless.
Twitter seems to have rectified this issue as of now.
Until the next worm!
Safe Twitterin' :)
No comments:
Post a Comment