Malicious Bug Eats Twitter for Breakfast

CYBERSPACE—Malicious miscreants with a salacious sense of humor were at it again this morning as the Twittersphere was all atwatter over a security breach that actually had people being warned away from using the micro-blogging tool. That’s like making coffee illegal.

The sense of helplessness can hardly be exaggerated.

“Shock, horror and redaction-themed confusion on Twitter this morning, as an apparent javascript hole has seen the short-messaging service overrun by black boxes which can spawn pop-up messages and even open new browser windows,” wrote a breathless SlashGear, tongue only slightly in cheek. “The flaw has been exploited by various people, some for entertainment purposes such as changing colors, but others using it to redirect users to pornographic sites and potentially malware-infested pages.”

One did not even have to click on a link to be impacted.

“According to security analysis firm Sophos, simply running your mouse over certain tweets could activate pop-ups, send you messages, or even redirect you to another site,” Fox News reported.

Despite its brief lifespan, the abusive exploit has left its mark globally. Even the feed for Sarah Brown, wife of former U.K. Prime Minister Gordon Brown, was compromised such that it inadvertently sent users to a Japan-based hardcore porn site.

“It’s pretty widespread and has left some major egg on the face of Twitter,” Sophos senior technology consultant Graham Cluley told FoxNews.com, adding that it was a security flaw the company should have caught. “It shouldn’t be possible to plant JavaScript code like this into your tweets.”

Despite the assurances that the “XSS attack should now be fully patched and no longer exploitable,” some tech sites are still advising people to exercise caution.

“For now, Twitter users should either access the site from a third-party client, such as TweetDeck or Seesmic, or use mobile.twitter.com, to which the exploit does not apply,” PCWorld suggested, only minutes ago.

In light of this escapade, Twitter’s rollout of its new website couldn’t come at a better time, and it should also be noted that people already on the new Twitter.com are reportedly not susceptible to this particular hack.