Source: Spam Fighter
Eric Wastl and Lance James, security researchers at Secure Sciences Corporation (based in San Diego, US), have identified an XSS (Cross-Site Scripting) vulnerability in Twitter, affecting this widely used micro-blogging service.
The researchers state that anyone clicking on a maliciously crafted web link on Twitter could enable an attacker to compromise the user’s account. Beyond the attack code itself, an attacker could take over the person’s PC by exploiting the XSS vulnerability.
Providing further details, the researchers said that the page loaded through the Cross-Site Scripting flaw commonly offers users who follow the link a choice of whether they want to be infected or not. Thus, the attack proceeds only once the user accepts. A point of concern is that a malicious attacker could use this flaw to do even worse things. For instance, he could rearrange the attack so that no alert windows surface, and could display sensational messages enticing enough to get the user to click.