Bob Lord


Twitter Explains 'onMouseOver' Security Breach

Bob Lord from the Twitter security team explained the security breach on Twitter.com that occurred early Tuesday morning — in which users who hovered over links were directed to suspect Web sites and spam messages were automatically generated and retweeted — in a post on the Twitter Blog:

The short story: This morning at 2:54 a.m. PT, Twitter was notified of a security exploit that surfaced about a half-hour before that, and we immediately went to work on fixing it. By 7 a.m. PT, the primary issue was solved. And, by 9:15 a.m. PT, a more minor but related issue tied to hovercards was also fixed.

The longer story: The security exploit that caused problems this morning Pacific time was caused by cross-site scripting (XSS). Cross-site scripting is the practice of placing code from an untrusted Web site into another one. In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user.

We discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.
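An added illustration, not part of the quoted post and not Twitter's code: a constructed link renderer in which unescaped user text becomes an `onmouseover` attribute, the output-encoded version, and a regression check of the kind that keeps a later site update from undoing the fix. All function names and the sample input are assumptions made for this example.

```javascript
// Added example with constructed names and input; not Twitter's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can end an attribute value or start a tag.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before" (deliberately vulnerable): user text is concatenated into markup.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// "After": only http(s) URLs become links, and every use is encoded.
function renderLinkSafe(url) {
  const safe = escapeHtml(url);
  if (!/^https?:\/\//i.test(url)) return safe; // not a link: show as text
  return '<a href="' + safe + '">' + safe + '</a>';
}

// Test helper: attribute names on the first opening tag of the output.
// Handles only the double-quoted attributes these renderers emit.
function attributeNames(html) {
  const openTag = (html.match(/<[a-zA-Z][^>]*>/) || [''])[0];
  const names = [];
  const attr = /\s([a-zA-Z-]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = attr.exec(openTag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Regression check to keep in the test suite so a later change to the
// renderer cannot silently bring the injection back.
function hasInjectedHandler(html) {
  return attributeNames(html).some((name) => name.startsWith('on'));
}

// Constructed sample: a quote closes href early, then adds an event handler.
const SAMPLE = 'http://example.test/" onmouseover="alert(1)';

console.log('unsafe renderer injects handler:', hasInjectedHandler(renderLinkUnsafe(SAMPLE)));
console.log('safe renderer injects handler:  ', hasInjectedHandler(renderLinkSafe(SAMPLE)));
console.log(renderLinkSafe(SAMPLE));
```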
