Twitter Worm Is A Reminder to Protect Against XSS Attacks

If you are an avid user of Twitter, then you have probably heard about the worm that spread via the popular social networking site this weekend. Once infected the worm would infect your Twitter profile and then begin to blast out Tweets using your account information. From most accounts this appears to be the largest virus or worm that has targeted Twitter. So how did the attack happen?

It appears that the worm that infected Twitter this weekend was due to a hacker exploiting the site via a XSS attack. Apparently, you could post script code on your profile page, and this is where the attacker inserted the malicious code. It then spread the same way through infected profiles.

This is a VERY good reminder for all developers to be aware of XSS and how to prevent these attacks in your applications. I will post some articles soon on how to deter such an attack in your code.

Comments

comments powered by Disqus