Stay away from Twitter.com; it's being exploited with simple code

If you haven't seen already, Twitter.com is under attack exploiting a flaw in its system with a simple code called "onmouseover" that is used to execute code or a command when your mouse cursor is moved over the bad area.

My @camwilmot account has personally been affected just now and as far as I can see, it only affects the front page of Twitter.com and not other pages such as your profile page.



Basically what I did by mistake was move my mouse over a strange tweet with black color background over the text and then that took over my Chrome v6 browser. Now when I load the old Twitter.com I am unable to access the page and if I click anywhere a link is opened in a new window. Meanwhile tweets are automatically being made consisting of re-tweets of the latest tweets from a Twitter user called "Matsta". Is this some sort of attempt to push Twitter to move all of its users to the new Twitter.com design that was unveiled last week or just a way to highlight flaws in Twitter's security? Some Twitter users are reporting that the new Twitter.com is not affected, but at the time of writing we could not confirm if this is true or not.

No doubt Twitter's developers and coders are hard at work right now putting a fix to this. As for now, you should probably avoid Twitter.com and stick to a Twitter client such as TweetDeck which isn't affected by this exploit.

06:45 US PST UPDATE: Here is an update from Twitter: We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.