Bob Lord

Twitter Explains 'onMouseOver' Security Breach

Bob Lord from the Twitter security team explained the security breach on Twitter.com that occurred early Tuesday morning — in which users who hovered over links were directed to suspect Web sites and spam messages were automatically generated and retweeted — in a post on the Twitter Blog:

The short story: This morning at 2:54 a.m. PT, Twitter was notified of a security exploit that surfaced about a half-hour before that, and we immediately went to work on fixing it. By 7 a.m. PT, the primary issue was solved. And, by 9:15 a.m. PT, a more minor but related issue tied to hovercards was also fixed.

The longer story: The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted Web site into another one. In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user.

We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.
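The class of bug the quoted post describes (user-submitted text reaching the page in a form the browser executes) is shown here as an added example; it is not Twitter's code and is not taken from the blog post. The function names, the link-rendering logic and the sample input are hypothetical and constructed for illustration.

```javascript
// Added illustration; not Twitter's code. All names are hypothetical.
const URL_RE = /https?:\/\/\S+/g;

// Escape every character that can change HTML context, including quotes.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// BEFORE: escapes angle brackets only, so a double quote inside a URL
// closes the href attribute and the rest is parsed as new attributes.
function renderTweetUnsafe(text) {
  const noTags = text.replace(/</g, '&lt;').replace(/>/g, '&gt;');
  return noTags.replace(URL_RE, u => '<a href="' + u + '">' + u + '</a>');
}

// AFTER: split plain text from URLs and escape each piece before output.
function renderTweetSafe(text) {
  let out = '', last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const u = escapeHtml(m[0]);
    out += '<a href="' + u + '">' + u + '</a>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check: list the attribute names present on <a> tags.
function anchorAttributes(html) {
  const names = [];
  for (const tag of html.matchAll(/<a\s([^>]*)>/gi)) {
    for (const a of tag[1].matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)) {
      names.push(a[1].toLowerCase());
    }
  }
  return names;
}

// Constructed sample: a "URL" carrying a quote and an event-handler attribute.
const SAMPLE = 'look http://example.test/"onmouseover="void(0)"/ now';
```

Running `anchorAttributes` over rendered output in a test suite gives a regression check of the kind that would flag a fix being undone by a later site update.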
