A cross-site scripting (XSS) flaw in the Twitter.com website is letting pranksters redirect visitors to third-party sites, including porn pages. The trick is a tweet that smuggles a JavaScript onMouseOver handler into the page, so the injected code runs as soon as a reader's mouse passes over the tweet, with no click required.
Victims of the onMouseOver exploit include Sarah Brown, wife of the former British prime minister, whose million-odd followers found themselves redirected to a Japanese hardcore porn site.
“don’t touch the earlier tweet – this twitter feed has something very odd going on!”, she warned.
“It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed,” says Graham Cluley of security firm Sophos.
According to Cluley, some users also seem to be exploiting the loophole to create ‘rainbow tweets’ – tweets that contain blocks of color. Because these messages can hide their true content, he says, they might prove too hard for some users to resist clicking on.
Cluley suggests that until the problem is fixed, users might be better off using a third-party Twitter client, rather than the Twitter.com website. The bug sits in how Twitter.com itself turns URLs in tweets into links, so clients that fetch tweets through the API and render them with their own code do not execute the injected handler.
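To make the redirect and the ‘rainbow tweet’ tricks concrete, here is an added example that is not Twitter's code and not from Sophos: a minimal tweet linkifier written to show the class of bug described in this article, next to a hardened version. The payload, the `x.example` and `evil.example` hosts, and the function names are constructed for illustration; the exact string used against Twitter.com is not reproduced here.

```javascript
// Added example: a toy tweet linkifier that reproduces the class of bug
// described above (attribute breakout via an unescaped URL), beside a
// hardened version. Not Twitter's code; names and payload are constructed.

const URL_RE = /https?:\/\/\S+/g;

// Vulnerable: the matched URL is spliced straight into an HTML attribute.
// A double quote inside the "URL" closes href, and whatever follows becomes
// extra attributes on the <a> tag: an onmouseover redirect, a style block...
function linkifyVulnerable(tweet) {
  return tweet.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Standard HTML entity encoding for text nodes and double-quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: every piece of tweet text is entity-encoded, and a match is only
// turned into a link if it is made of characters that are legal in a URL.
// A quote, angle bracket or space means it is not a link at all, so it is
// rendered as plain (encoded) text instead.
const SAFE_URL_RE = /^https?:\/\/[A-Za-z0-9\-._~:/?#@!$&*+,;=%]+$/;

function linkifySafe(tweet) {
  let out = '';
  let last = 0;
  for (const m of tweet.matchAll(URL_RE)) {
    out += escapeHtml(tweet.slice(last, m.index));
    const url = m[0];
    if (SAFE_URL_RE.test(url)) {
      const enc = escapeHtml(url);
      out += `<a href="${enc}">${enc}</a>`;
    } else {
      out += escapeHtml(url);
    }
    last = m.index + url.length;
  }
  return out + escapeHtml(tweet.slice(last));
}

// Rough approximation of what a browser's tokenizer ends up with for the
// first <a> tag: the list of attribute names. Enough to show the breakout;
// a real HTML parser is more forgiving than this regex, not less.
function anchorAttributes(html) {
  const tag = /<a\s([^>]*)>/.exec(html);
  if (!tag) return [];
  return Array.from(tag[1].matchAll(/([A-Za-z-]+)="[^"]*"/g), (m) => m[1].toLowerCase());
}

// Constructed payload in the shape described in the article (not a real tweet):
// the quote after "@" ends href, then an onmouseover redirect and a style
// attribute (the rainbow-tweet trick) ride along. It contains no whitespace,
// so the naive URL matcher swallows the whole thing as one "link".
const PAYLOAD =
  'http://x.example/@"onmouseover="location=\'http://evil.example/\'"style="background:#f0f"/';

// Constructed benign tweet, to check the hardened version still makes links.
const BENIGN = 'check http://example.com/page?a=1&b=2 now';

// Demo when run directly with node: the vulnerable renderer yields an anchor
// carrying href, onmouseover and style; the safe one yields no anchor at all.
console.log('vulnerable:', anchorAttributes(linkifyVulnerable(PAYLOAD)));
console.log('safe      :', anchorAttributes(linkifySafe(PAYLOAD)));
console.log('benign    :', linkifySafe(BENIGN));
```

The fix is the one that applies to every templating bug of this kind: encode on output, in the context the value lands in (here a double-quoted attribute and a text node), and validate that a thing is a URL before treating it as one. Escaping alone would already stop the breakout; the allow-list on top keeps `javascript:` and other non-http schemes from ever reaching `href`.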