Tag Archives: javascript

What Twitter OnMouseOver JavaScript security flaw means to you

This morning, the security company Sophos posted an article on their blog describing the latest security issue to pop-up on the web, more specifically inside the Twitter client. And pop-up it does, because if you add some JavaScript in one of your tweets, you can make a pop-up box to display to every user that reads the tweet and move the mouse over that link. The event is OnMoueOver and it gets fired automatically when…you guessed, do a mouse over. The security flaw is present in the current Twitter official web client, 3rd party clients are safe.

It is now clear at this point how much damage the current security flaw can do since after all, you can’t really put that much code inside a tweet, but redirection is certainly a possibility and some spammers already took advantage of that by redirecting users to hardcore porn sites. Auto-tweeting is also an option with the possibility of generating even more spam.

Update: Twitter confirmed that the security exploit was fully patched. That was certainly fast!!!

Kindle 3 Review

Kindle 3 is the latest Amazon take in the eBook readers market and it does not disappoint:  It is smaller and lighter, comes in two colors and ads WiFi to the specifications list. I received mine on Friday from Amazon and had the whole weekend to play with it, so here is my experience. Before starting, I want to add that I also own Kindle 2 and Barnes and Noble’s Nook for quite a while, so my review will not only go through all the Kindle 3 functionality but it will also compare its features and usability against the other two devices. In the end, I will add a series of functionality tips and tricks destined to improve your experience.

1. Kindle 3 Unpacking

Read More…