a.k.a Elpie

Twitter has been hit by two cross-site scripting attacks in the past 24 hours. After the StalkDaily XSS hole was apparently fixed, the Mikeyy script started doing the rounds.

At the time of posting, Twitter is still working on this latest code injection but due to the earlier announcement that the StalkDaily hole had been fixed, many Twitter users appear to be unaware that a new threat exists.

Here is what is happening, how to protect yourself, and how to recover from the attack if your Twitter profile gets hit by the worms.

For over 12 hours today, Twitter users were exposed to a cross-site scripting vulnerability in their Twitter profiles. The "StalkDaily" incident resulted in the twitterverse being spammed with messages urging people to visit the infected site. Simply clicking on an infected profile page was enough to spread the worm.

Twitter let users down by not keeping people informed, but Twitter is not the only party at fault here - users who indiscriminately clicked on the StalkDaily link without practising safe computing were the ones who caused the problems.

The StalkDaily script relied on Twitter users not practising safe computing. So, how to limit your risk to this kind of attack on social networking sites?

For two years, WordPress has worked to a development schedule and set planned dates for each new release. For two years, not one new release has been made on time. By setting dates, the WordPress core developers create user expectations that have proven to be impossible to meet.

For those trying to work around bugs, or holding off upgrading or starting a new blog in order to avoid additional work, a planned date gives reassurance. But when the dates are not met, frustration soon follows. The blame does not lie with the work being done.

Duplicate content issues occur with most dynamic content management systems. Mambo (and Joomla 1.0.x) both have issues due to the frontpage component, with frontpage content being able to be accessed through several different URL's. Last month, Google, Microsoft, Yahoo and Ask.com launched a new meta tag that allows us to specify the canonical URL to be used on the Mambo front page. And here is how we do that...

Some people use Twitter for marketing, some use it to build relationships and networks, and some use it to stay informed and learn new facts. In today's #followfriday post I recommend to you some people to follow on Twitter for fun facts and history.