::Trend Micro Threat Resource Center::

24 September 2010

Twitter Fixes Mouse-Over Flaw

The Twitter mouse-over vulnerability, which caused grief for thousands upon thousands of Twitter users, has been patched and resolved. The bug, which was first reported at 2:54 am PDT on Tuesday, was declared gone by 6:50 am PDT.

Short-lived as it was, people are constantly tweeting. A 2009 study on pingdom.com showed the average number of tweets sent reaches above 1.1 million each hour, which works out to nearly 4.5 million tweets during the four-hour span in which the worm was active. It worked like this: a person could tweet a maliciously crafted link whose markup included an "onmouseover" JavaScript event handler. When the link was touched by a user's mouse (not clicked, merely hovered over), that user's account tweeted the same link while a third-party website opened in the user's browser. Several high-profile Twitter accounts were affected, including those of White House Press Secretary Robert Gibbs and Sarah Brown, the wife of former British Prime Minister Gordon Brown.
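The mechanism above comes down to how a user-supplied URL is written into the page's HTML. The following is an added example, not code from the Trend Micro article or from Twitter: a deliberately unsafe link renderer beside a hardened one, plus a small attribute parser that a rendering layer can use to check that no on* event handler ever appears on a tag built from user data. The URL, the noop() handler name and the function names are all constructed for illustration.

```javascript
// Added example, not Twitter's code: the same attacker-controlled URL rendered
// two ways shows why an unescaped link lets an onmouseover handler go live.

// Replace every character that can close a quoted attribute value or open a
// new tag with its HTML entity.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the URL is concatenated straight into the markup. A
// double quote inside the URL ends the href value, and the text after it is
// parsed as additional attributes on the <a> tag.
function renderLinkUnsafe(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Hardened pattern: only http(s) schemes become links, and the value is
// escaped so the attribute boundary cannot be closed from inside the URL.
function renderLinkSafe(url) {
  if (!/^https?:\/\//i.test(url)) return escapeAttr(url); // plain text, no link
  const safe = escapeAttr(url);
  return '<a href="' + safe + '">' + safe + '</a>';
}

// Parse the attribute names of the first tag in a fragment (double-quoted
// values only, which is all the renderers above emit).
function attributeNames(html) {
  const tag = /^<[a-z][^\s>]*\s([^>]*)>/i.exec(html);
  if (!tag) return [];
  const names = [];
  const attr = /([a-z_:][\w:.-]*)\s*=\s*"[^"]*"/gi;
  let m;
  while ((m = attr.exec(tag[1])) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Check a rendering layer should always pass: no on* event handler attribute
// may appear on a tag built from user-supplied data.
function hasEventHandlerAttr(html) {
  return attributeNames(html).some((n) => n.startsWith("on"));
}

// Constructed sample input modelled on the flaw described above: a URL that
// closes the href attribute and appends an inert onmouseover handler.
const CONSTRUCTED_URL = 'http://example.com/" onmouseover="noop()';

console.log(renderLinkUnsafe(CONSTRUCTED_URL));
console.log("handler live:", hasEventHandlerAttr(renderLinkUnsafe(CONSTRUCTED_URL)));
console.log(renderLinkSafe(CONSTRUCTED_URL));
console.log("handler live:", hasEventHandlerAttr(renderLinkSafe(CONSTRUCTED_URL)));
```

The unsafe output carries both an href and an onmouseover attribute; in the hardened output the quote is rendered as &quot; and the whole string stays inside the href value, so the check returns false.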

This is not the first time Twitter has combated this type of exploit on its site. Last month the site faced similar attacks, which were fixed on August 24th. During a later update of the site that fix was somehow reversed, which allowed the attacks to resume. Twitter tweeted a status message when the bug was reported and updated it when the hole had been re-patched. It then published a blog post describing the onmouseover flaw in greater detail, explaining how it had resurfaced from last month's problem, and reassuring users that account security had not been breached.

Luckily, this exploit only affected people who were using the twitter.com website itself. Those who use third-party or mobile applications to tweet and read tweets were completely unaffected.