Twitter onmouseover exploit gets Sarah Brown

If you’re on Twitter right now you might notice something totally bizarre is happening. Tweets are appearing as large black blocks of text with code embedded in them, and they are setting off a slew of pop-up messages.

It’s actually a cross-site scripting hole in both the new and the old twitter.com interface, as Graham Cluley at Sophos pointed out today. A crafted tweet smuggles an onmouseover event handler into the page, so the script runs as soon as a reader’s cursor passes over it, no click required. It’s spreading like wildfire, and one of the victims is high-profile tweeter Sarah Brown, wife of Gordon Brown.

Roll your cursor over the block of text and the script can send you anywhere it likes: in the case of Sarah Brown’s followers, it redirected them to a Japanese hardcore porn site.

At the moment, says Cluley, it’s only being used for mischief. CNET notes that mouseover attacks are not hard to pull off and have turned up in e-mail clients time and time again.
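To see what that hole looks like in code, here is an added example (it is not Twitter’s actual code and not the worm’s payload): a naive linkifier that drops a URL into an href attribute by string concatenation, a constructed tweet in which a quote character closes the attribute early and smuggles in an onmouseover handler plus the black-on-black styling that produced those blocks, and an escaped version that keeps the whole thing inside the attribute value. The function names, the tweet text and the example.com URL are all made up for illustration.

```javascript
// Added example, not Twitter's code or the worm's payload: how an unescaped
// URL becomes an injected onmouseover handler, and how escaping closes it.

// Naive linkifier: drops the matched URL into an href attribute by string
// concatenation. Whatever the URL contains lands in the raw HTML.
function linkifyNaive(text) {
  return text.replace(/https?:\/\/\S+/g, (url) => `<a href="${url}">${url}</a>`);
}

// Escape the HTML metacharacters so a value is inert inside a double-quoted
// attribute or a text node.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened linkifier: same structure, but the URL is escaped for the
// attribute context, so a quote in it can no longer terminate the href value.
// (In a real browser, building the element with document.createElement and
// setAttribute sidesteps the string-building problem altogether.)
function linkifySafe(text) {
  return text.replace(/https?:\/\/\S+/g, (url) => {
    const safe = escapeHtml(url);
    return `<a href="${safe}">${safe}</a>`;
  });
}

// Constructed tweet (hypothetical, modelled loosely on the incident): the
// quote after the @ closes the href value early and the rest of the "URL" is
// parsed as further attributes. onmouseover fires on a hover, no click needed,
// and the black-on-black style is why affected tweets showed as black blocks.
const EVIL_TWEET =
  'look http://example.com/@"onmouseover="alert(1)"style="color:#000;background:#000';

// Collect the attribute names of the first <a ...> tag, grouping name="value"
// pairs the way a browser tokenizer would. Used to check whether onmouseover
// became a real attribute or stayed harmlessly inside the href text.
function attributeNames(html) {
  const tag = html.match(/<a\s+([^>]*)>/);
  if (!tag) return [];
  const names = [];
  for (const m of tag[1].matchAll(/([^\s="]+)="([^"]*)"/g)) names.push(m[1]);
  return names;
}

// True when any attribute on the tag is an event handler (on*), i.e. a
// script hook made it through.
function hasEventHandler(html) {
  return attributeNames(html).some((n) => /^on/i.test(n));
}

console.log(attributeNames(linkifyNaive(EVIL_TWEET))); // [ 'href', 'onmouseover', 'style' ]
console.log(attributeNames(linkifySafe(EVIL_TWEET)));  // [ 'href' ]
```

Run it with node: the naive version yields three attributes, one of them a live event handler, while the escaped version yields only href. The fix is contextual output encoding for every untrusted value (or building DOM nodes instead of HTML strings), not a blacklist of one attribute name; filtering the word onmouseover on its own would just invite onmouseenter, onfocus and the rest.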

Here’s us being duped:

There has, at time of publishing, been no official reaction from Twitter. By the way, years of internet geekery had us thinking the black blocks were spoiler tags, commonly used on forums to hide text until you highlight it. Yeah, we fell for it. Try not to!

Best bet for now is to use a third-party client, which renders tweets itself, and stay away from the twitter.com website until the hole is closed. If you do land there, keep your cursor off the black blocks: hovering is all it takes. Our favourite Tweets so far:

@Girlonetrack SkyNet has infiltrated us.

@Jazzchantoozie Don’t worry, I’ve made a thermos flask of tea! #blitz

@Solobasssteve Why the hell would Twitter not have blocked onmouseover script as standard? That’s insane.

@JamesMawFFT Monday: Titus Bramble joins Twitter. Tuesday: Twitter is broken. Just saying…