Twitter patches security flaw

Micro-blogging website Twitter has said it has patched a security flaw which plagued users with viral messages and third-party…

Micro-blogging website Twitter has said it has patched a security flaw which plagued users with viral messages and third-party websites including websites selling hard-core pornography.

Users of the social media site reported messages popping-up and third-party websites opening in their browsers after they moved their mouse over a link.

The site was rendered virtually useless by the attack for several hours today.

Twitter acknowledged the problem on its Status blog this afternoon and said the attack been identified and dealt with.

READ MORE

"The exploit [flaw] is fully patched", the website said in a statement this afternoon.

Twitter identified the attack as an XSS attack and advised users to message @safety if they had any information regarding the problem.

The XSS onmousover flaw, also known as a cross-site scripting flaw, is a type of computer security vulnerability which allows attackers insert malicious script into web pages which is then executed when users place the mouse over an affected link.

US technology security and control firm Sophos said users "might be safer" to use third-party Twitter clients to avoid the exploit.

The flaw also allowed messages to spread virally without the consent of users. Victims of the flaw reportedly included Sarah Brown, wife of the former British prime minister Gordon Brown.

Éanna Ó Caollaí

Éanna Ó Caollaí

Iriseoir agus Eagarthóir Gaeilge An Irish Times. Éanna Ó Caollaí is The Irish Times' Irish Language Editor, editor of The Irish Times Student Hub, and Education Supplements editor.