Mashable - The Social Media Guide - Latest Comments in How StalkDaily Opened a Gaping Hole in Twitter

Re: How StalkDaily Opened a Gaping Hole in Twitter

alisazhao1102 — Tue, 28 Jul 2009 04:07:29 -0000

If you’re a dedicated follower of tiffany like me. Don't miss the tiffanys & co. on sale including pendants, necklace, earrings, bracelets on line. tiffany jewelry is the one thing that outlasts the cake, champagne and music. links of london jewelry discount , famous for its sweetie and friendship bracelets.Ed hardy designer, christian audigier , is a brand of ed hardy, and now are favored in the moderning world as a mark of its nice tatoo.

Re: How StalkDaily Opened a Gaping Hole in Twitter

PamE — Thu, 16 Apr 2009 07:16:57 -0000

I noticed my profile has "&" and remembered that was one of the things to watch for with this worm. I went into my profile to delete it and it wasn't in my bio but it is till showing on my profile page. Any suggestions on how to get rid of this? I did follow the above instructions & changed my password and cleaned by cookies. Appreciate any help.

Re: How StalkDaily Opened a Gaping Hole in Twitter

flysquat — Mon, 13 Apr 2009 22:24:40 -0000

Nothing more than a jobless scriptkiddie. Hate em. Find em... beat em. Then bogart their gear. :) Sell it on ebay. "From the guy that exposed Twitter" 10,000$ equipment nearly new.

Re: How StalkDaily Opened a Gaping Hole in Twitter

wrought iron door — Mon, 13 Apr 2009 21:25:08 -0000

thanks a lots

Re: How StalkDaily Opened a Gaping Hole in Twitter

Ron West — Mon, 13 Apr 2009 06:02:26 -0000

So is this illegal? I can't see how there is a law against exploiting a websites lack of security against XSS. The attacker did not steal passwords or any other data - they just promoted themselves. I know this was a distraction and may be an issue of trust - but I can't see an illegal act here.

Re: How StalkDaily Opened a Gaping Hole in Twitter

Martin — Sun, 12 Apr 2009 16:17:17 -0000

It's quite serious cause 50%+ are using the web as their only twitter platform. I am not sure what this does and apparently no one is still certain but @rouge_leader says: "I can no longer log on via 3rd party apps."

Re: How StalkDaily Opened a Gaping Hole in Twitter

Rachel — Sun, 12 Apr 2009 14:08:28 -0000

Ok, I'm dumb, can you explain to me one thing? If Stalkdaily.com isn't guilty, what part of stalkdaily was necessary for the hacker to create this mess? It sounds from your explanation like the hack could have been (and was?) accomplished entirely within Twitter.

Re: How StalkDaily Opened a Gaping Hole in Twitter

Richard Sakai — Sun, 12 Apr 2009 12:48:04 -0000

interesting piece of code nonetheless.

Re: How StalkDaily Opened a Gaping Hole in Twitter

Gregory D. Howe — Sun, 12 Apr 2009 11:21:54 -0000

I was a victim of this attack. I received the usual e-mail message from Twitter indicating a new person was following me. I copied the name into the clipboard and while I was using Twitter from my browser I pasted the name as the last element of the URL and pressed the enter key. I followed the person and a few seconds later I saw messages in the timeline from me that I had not entered.

I immediately went to my settings and found what looked to be perhaps javascript in the URL field. I cleared the URL out, saved the settings and unfollowed the fellow. I went back a minute later and found that I was again following him so I blocked him. I then went to my setttings and deleted my profile thereby logging out. This morning I successfully reinstated my profile and I'm following and being followed my more folks than ever before. CRAZY high strangeness!

Re: How StalkDaily Opened a Gaping Hole in Twitter

JustinSMV — Sun, 12 Apr 2009 10:02:50 -0000

Reminds me of back in the AOL days where you could write code in the Instant Message windows and create scrips to punt people offline. Its scary to see how many people got affected by this script but I am sure Twitter is big enough to prevent the scripts from now on, hey thats the only way to learn right? Fail then succeed. Great post

Re: How StalkDaily Opened a Gaping Hole in Twitter

Arizona Dennizen — Sun, 12 Apr 2009 08:11:04 -0000

who visits twitter profiles? is twhirl immune?

Re: How StalkDaily Opened a Gaping Hole in Twitter

Joel Gascoigne — Sun, 12 Apr 2009 06:50:41 -0000

I really can't believe there was a huge security hole like this in Twitter! And that it's only just been exploited.

Re: How StalkDaily Opened a Gaping Hole in Twitter

Lynzy7 — Sun, 12 Apr 2009 06:28:04 -0000

2 other usernames are Hi (wooobabywoo) and also Thomas Moody (moodswingmanage)

Re: How StalkDaily Opened a Gaping Hole in Twitter

diptychal — Sun, 12 Apr 2009 06:26:55 -0000

It hasn't been fixed. It happened to my account. Thanks for letting us know how to avoid it at least.

Re: How StalkDaily Opened a Gaping Hole in Twitter

Wayne Smallman — Sun, 12 Apr 2009 06:17:18 -0000

Donald is right, these people are showing off to each other, scoring points and gaining respect amongst their peers. It's crazy, but they're just part of a clique, like most other people are, seeking that tacit nod of approval.

Twitter is a very high profile target, so I'll leave you to imagine how much kudos this scored them...

Re: How StalkDaily Opened a Gaping Hole in Twitter

Ganesh - Online Bull — Sun, 12 Apr 2009 05:56:58 -0000

You can say that again. I guess he's enjoying the attention right now.

Re: How StalkDaily Opened a Gaping Hole in Twitter

Richard McLaughlin — Sun, 12 Apr 2009 05:56:34 -0000

FYI, the worm is still running wild.

Re: How StalkDaily Opened a Gaping Hole in Twitter

Donald — Sun, 12 Apr 2009 05:38:39 -0000

Notoriety is everything

Re: How StalkDaily Opened a Gaping Hole in Twitter

David Jackmanson — Sun, 12 Apr 2009 05:30:51 -0000

As of five-ten minutes ago, it appears that hijacked Twitter accounts have been sending out spam messages saying things like "Man, Twitter can't fix shit. Mikeyy owns. :)". I wouldn't visit those accounts until we're told it's safe. Accounts include @PragueBob, @612Brisbane and @brisneyland

Re: How StalkDaily Opened a Gaping Hole in Twitter

Beau — Sun, 12 Apr 2009 04:57:55 -0000

It's back.
People who have been hacked - do not visit these profiles: http://tinyurl.com/cvujsd (Twitter Search link)

If you've been infected, change the URL in your profile, SIGN OUT from the Twitter WebUI, and wait for a fix.

'Mikeyy' only has access to your account while you're signed in to the webui, as it's cookie based. He doesn't have your password.

http://twitter.com/BeauGiles

Re: How StalkDaily Opened a Gaping Hole in Twitter

richie — Sun, 12 Apr 2009 02:47:04 -0000

Hey Mashable how is possible for these guys to hack Twitter accounts

Re: How StalkDaily Opened a Gaping Hole in Twitter

richie — Sun, 12 Apr 2009 02:43:26 -0000

How can someone hack your Twitter account, Mashable im kinda new here, can anyone answer this question Thank you im located in Staten Island ny

Re: How StalkDaily Opened a Gaping Hole in Twitter

sfsasa — Sun, 12 Apr 2009 01:21:11 -0000

What's the point of the three second delay? Why not steal your shit the moment the javascript starts running?

Re: How StalkDaily Opened a Gaping Hole in Twitter

Spider Monkey — Sun, 12 Apr 2009 01:16:03 -0000

BNO news says Mikeyy Mooney is the author. True ? http://twitter.com/Breaking...

Re: How StalkDaily Opened a Gaping Hole in Twitter

Facebook User — Sun, 12 Apr 2009 01:06:59 -0000

- sorry my comment posted twice cuz of my own stress!

yea - good comment about the firefox browser

I use google chrome - good as well

as the comment above reads friend in Australia had it first
when I was in Vermont at 8am EST
thx to my broken brains (no joke I have traumatic brain injury have not used computer for 5 years since car hit me) - thx be I fixed it. ugh, like I said I feel ya

this kinda crap is to be expected.