NEW YORK — A new way to cause mischief quickly spread through short-messaging service Twitter on Tuesday morning before the site could fix the problem, as mysterious tweets of blocked-out text propagated themselves and caused pop-up windows to open.
Shortly before 10 a.m. Tuesday, Twitter said on its "safety" feed on the site that the attack had been shut down. It said it does not believe that any user information was compromised, rather, the "vast majority" of the breaches were pranks or promotions.
The hack had been nefarious because the tweets activated without being clicked on — it was enough for Web surfers to move their mouse cursors over them. The attack only affected visitors to twitter.com. Various third-party programs used to send and read tweets, such as Tweetdeck, were unaffected.
The pop-ups could, though didn't necessarily, contain malicious code that could take over poorly protected computers. The White House's official Twitter feed — followed by 1.8 million users — was among those affected, though the offending message was quickly taken down.
Fittingly for Twitter, which limits messages to just 140 characters, the virus may have been among the shortest on record. According to security software maker F-Secure Corp., the shortest virus so far was just 22 characters long.
Twitter said in a blog post it was notified of the security breach at 5:54 a.m. The problem was caused by "cross-site scripting." This allowed users to run JavaScript programs on others' computers, turning tweets different colors or causing the pop-up boxes to appear. Some users, Twitter added, took things a step further and included code that got people's accounts to retweet the messages without their knowledge.
"It was like a massive snowball fight that got out of control," said Ray Dickenson, chief technology officer at the computer security firm SafeCentral.
While the effects of Tuesday's mischief were visible and playful, Dickenson said that he was worried because JavaScript can quietly do more malicious things, such as sending people to sites that can infect computers.
Security breaches had been common in Twitter's early days, but the company has since worked to beef up its defenses and the problems have become less common. Tuesday's hack coincided with Twitter's ongoing rollout of a redesign of its website, which tries to streamline users' Twitter feeds and make it easier to see photos and videos directly on the site without having to click on a link to YouTube or Flickr.
Twitter said it discovered and fixed this problem last month, and that a recent site update unrelated to the redesign was responsible for its return.
Read More
Center for Peace offers academic opportunities
By Meghan Braddy and Grayson Joslin / 9 hours agoOver the years, the center has offered a peace studies minor, conflict resolution training and grant funding.
AP: New York appeals court overturns Harvey Weinstein’s 2020 conviction
By Staff Reports / 9 hours agoNew York’s highest court on Thursday overturned Harvey Weinstein’s 2020 rape conviction, finding the judge at the landmark #MeToo trial prejudiced the ex-movie mogul with “egregious” improper rulings, including a decision to let women testify about allegations that weren’t part of the case, according to the Associated Press (AP).
AP: Hamas willing to enact ceasefire if an independent Palestinian state is established
By Staff Reports / 9 hours agoWednesday, April 24th, a top Hamas political official said the group is willing to agree to a truce of five years or more with Israel and that it would lay down its weapons and convert into a political party if an independent Palestinian state is established along pre-1967 borders, according to the Associated Press (AP).
