by Michael Smith (Veshengro)
London, 09/21/2010: A JavaScript exploit has allowed all kinds of pop-up sites and text through the Twitter.com web client, and forced a re-tweet, even if all a user did was move their mouse over a particular link. Many of those sites and pop-ups were certainly not safe for viewing at work and could make the user fall foul of ICT policies in their workplace.
The exploit had spread to thousands of accounts by early afternoon UK time – some with hardcore porn pop-ups, others with jokey references to the exploit – so it is advisable to stick with a third-party Twitter client for the time being to read and send your short updates.
Some users have reported that simply visiting Twitter.com with certain tweets from followers loaded could be enough to trigger an incident. Thus it is advisable to avoid Twitter.com entirely until the exploit is repaired.
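The underlying weakness in an incident like this is tweet content reaching the page's HTML without being encoded, so characters in a tweet can break out of the text or link markup the client builds. As an added illustration (not Twitter's code and not its actual fix; it assumes a JavaScript runtime with the standard `URL` global), here is how a web client can render tweet text so that link URLs are validated and every character from the tweet is escaped before it touches markup:

```javascript
// Added example, not from the original post: safe rendering of a tweet into HTML.

// Escape the five characters that can change meaning inside HTML text or attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only absolute http(s) URLs for the href; anything else is rendered as plain text.
function safeHref(url) {
  try {
    const u = new URL(url);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null; // not a parseable absolute URL
  }
}

// Turn a tweet into HTML: plain text is escaped, URLs become links whose href is
// validated and escaped. A quote or angle bracket inside the tweet can therefore
// never close the href attribute or open a new tag.
function renderTweet(text) {
  const urlRe = /https?:\/\/[^\s"'<>]+/g; // a URL candidate ends at whitespace or a markup character
  let out = "";
  let last = 0;
  let m;
  while ((m = urlRe.exec(text)) !== null) {
    out += escapeHtml(text.slice(last, m.index));
    const href = safeHref(m[0]);
    out += href
      ? `<a href="${escapeHtml(href)}">${escapeHtml(m[0])}</a>`
      : escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample tweet: a link followed by characters that would otherwise
// terminate the attribute and start a tag.
const sampleTweet = 'see http://example.com/path"x <b>';
console.log(renderTweet(sampleTweet));
```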
While, according to Twitter, the exploit had been patched by mid-afternoon UK time, I would still say that it is a good idea to let the fix propagate through DNS servers before heading back to Twitter's web client.
Stay with third-party clients for maybe a day or two.
© 2010