Twitter Clickjacking Hack...

February 2009

Twitter clickjacking hack released. A Web developer has released a proof-of-concept clickjacking attack targeting Twitter that demonstrates how an attacker could take over a member’s “update” function on the microblogging site. Simply put, all it takes is for the victim to click on a seemingly innocent link on a Web page while logged into Twitter, and then his or her “What are you doing?” status is under the attacker’s control. “It means anyone can update an individuals Twitter status without you knowing,” says the independent Web developer who wrote the PoC and published it on his Website. Clickjacking is an attack where a bad guy slips a malicious link invisibly onto a Web page or under a commonly used button on a Web site. When the user clicks on the link or rolls his mouse over the link, he becomes infected. Microsoft has included a new clickjacking protection feature in Internet Explorer 8 that lets Websites safeguard their sites and visitors without browser add-ons.