Bob Lord


Twitter Explains 'onMouseOver' Security Breach

Bob Lord from the Twitter security team explained the security breach on Twitter.com that occurred early Tuesday morning — in which users who hovered over links were directed to suspect Web sites and spam messages were automatically generated and retweeted — in a post on the Twitter Blog:

The short story: This morning at 2:54 a.m. PT, Twitter was notified of a security exploit that surfaced about a half-hour before that, and we immediately went to work on fixing it. By 7 a.m. PT, the primary issue was solved. And, by 9:15 a.m. PT, a more minor but related issue tied to hovercards was also fixed.

The longer story: The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted Web site into another one. In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user.

We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.
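The class of bug described above, as an added example that is not part of the original post and is not Twitter's code: a hypothetical tweet renderer that turns URLs into links, first without output encoding and then with it. The function names, the URL pattern and the sample tweet are all constructed for illustration.

```javascript
// Added example: hypothetical renderer, not Twitter's code.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can end a text node or an attribute value.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESC[c]);
}

// Only http(s) URLs are linkified, so javascript: URLs never reach an href.
const URL_RE = /https?:\/\/\S+/g;

// Vulnerable: the matched text is pasted into the markup as-is, so a
// double quote inside the "URL" closes href and starts a new attribute.
function renderTweetUnsafe(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened: every piece of user text is encoded for its HTML context,
// both the plain text between links and the URL inside the attribute.
function renderTweetSafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += `<a href="${u}" rel="nofollow noopener">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Crude check for this demo only (not an HTML parser): does any tag
// carry an inline event-handler attribute such as onmouseover?
function hasInlineHandler(html) {
  return /<[^>]*["'\s]on\w+\s*=/i.test(html);
}

// Constructed sample tweet: a link followed by a quote and handler text.
const SAMPLE = 'check this http://example.com/"onmouseover="demo()" now';

console.log(hasInlineHandler(renderTweetUnsafe(SAMPLE))); // handler attribute present
console.log(hasInlineHandler(renderTweetSafe(SAMPLE)));   // quote encoded, no handler
```

In the hardened output the quote arrives as `&quot;`, so the browser treats the whole string as the link's address and never sees a second attribute.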
