Twitter.com was once again the brunt of a rapidly spreading worm after attackers exploited a vulnerability in "onMouseOver" JavaScript in order to bombard users with serial pop-ups and ...

この脆弱性は、フォームから入力されたツイートのエスケープ処理が不完全で、URLが自動リンクされる際に、a要素内に任意のHTMLオプションを埋め込むことができるもの。攻撃コードがonMouseOverイベントを利用していたため、「onMouseOver」問題と呼ばれている。 Twitterブログの事後説明 によると ...

The attack took advantage of the main Twitter’s web interface, which fails to disallow the ‘onMouseOver’ Javascript command.

Google is constantly combatting search engine spammers (I know some to do not like to be called this, so sorry). This past update, they began blocking an other type of spam named onmouseover ...

The massive Twitter "onMouseOver" attack on Tuesday may have been triggered by a Japanese hacker who claimed he wanted to expose a cross-site scripting flaw on the site.

Hopefully Twitter will shut down this loophole as soon as possible – disallowing users to post the onMouseOver JavaScript code, and protecting users whose browsing may be at risk. Some users are also ...

Javascript command used to distribute malware. Australian teenager Pearce Delphin has been credited with discovering the onMouseOver scripting vulnerability that hit twitter.com last night.

The attack took place after the main Twitter web interface failed, allowing the ‘onMouseOver’ JavaScript command to take place. This meant any user moving their mouse over the command would be ...

Users were urged to use third party clients rather than Twitter.com until Twitter blocked the onMouseOver Javascript command. Got a news tip for our journalists? Share it with us anonymously here.

My twitter feed is overrun with messages containing the “onmouseover” JavaScript. Twitter originally said it was working on the problem.