Practice safe surfing: Don’t get hijacked on Twitter

Twitter has been making the news a lot lately, and the latest story is not a positive one. If you, like many, are a Twitter user, you had better be careful: the site was just found to be vulnerable to a major cross-site scripting (XSS) flaw that could let someone hijack a user’s account. Once the hacker has done this, they could also use other exploit code to have a heyday on the user’s computer.

Click a link, get pwned

Secure Science researchers Lance James and Eric Wastl posted proof-of-concept exploit code as evidence of the flaw. Although they did notify Twitter, they say they have yet to receive a response. On the page offering the proof of concept, there is a link where Twitter users can choose whether they want to be exploited or not. (I can see everyone yelling “pick me! pick me!”) If you do decide exploitation is your thing and click the button, you will kick-start the exploit. A posted message saying “I just got owned!” will then show up on the Twitter XSSExploits account.

Wastl says that “The vulnerability is still active. Basically, we produce a link and if a Twitter user clicks on it, it allows us to hijack their accounts.”