
Looks like another vulnerability in Twitter’s site has introduced a new hack or prank today.

So unless you want a vulgar comment about you and a goat tweeted from your account, do not click on any links or tweeted entries that begin with WTF.

Here is what they look like:

[Image: twitterhack26sep2010]

I am sure there will be more to follow on this one, like the one earlier in the week.

Update at 2:25 PM (EDT): This hack is apparently also hitting users in third-party applications. Twitter is on it, as they posted the following tweet about the attack:

[Image: twitterhack26sep2010twitterapi]

Update at 2:30 PM (EDT):  The vulnerability that made goats a trending topic on Twitter has been fixed:

[Image: twitterhack26sep2010fixed]

Final Update at 2:51 PM (EDT): A comment from this post on TechCrunch explains how the vulnerability did its thing:

As commenter Andrew Nacin points out, the bug is called a cross-site script forgery. Web programming security 101. It should only affect twitter.com, as it relies on an iframe of twitter.com and a little JavaScript to post the tweet form (twice). It seems that if you click this link “http://pastehtml.com/view/1b7xk3b.html”, and you are signed into Twitter, it will autotweet two Tweets with the sex with goats bit and the WTF link.

Thanks to @scobleizer for the reference to that comment and article.
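The comment quoted above describes a form being posted from another site, through an iframe, on behalf of a signed-in user. As an added example (not Twitter's code and not part of the original post), here are the server-side checks that refuse such a request; `TRUSTED_ORIGIN`, the `csrfToken` field and the request/session shapes are assumptions made for illustration.

```javascript
// Added example: checks a server can run before accepting a state-changing POST.
// TRUSTED_ORIGIN and the request/session object shapes are hypothetical.
const TRUSTED_ORIGIN = "https://app.example";

// Compare two strings without returning early on the first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Origin of the page that sent the request: Origin header, else Referer.
function sourceOrigin(headers) {
  const raw = headers.origin || headers.referer;
  if (!raw || raw === "null") return null;
  try { return new URL(raw).origin; } catch { return null; }
}

// Decide whether a request may change state. Returns { allowed, reason }.
// Rejecting when neither header is present is a deliberately strict policy.
function checkStateChange(req, session) {
  if (req.method !== "POST") return { allowed: false, reason: "method" };
  if (sourceOrigin(req.headers) !== TRUSTED_ORIGIN) return { allowed: false, reason: "origin" };
  const sent = req.body ? req.body.csrfToken : undefined;
  if (!session || !constantTimeEqual(sent, session.csrfToken)) {
    return { allowed: false, reason: "token" };
  }
  return { allowed: true, reason: "ok" };
}

// Response headers that stop other sites from framing the page holding the form.
function antiFramingHeaders() {
  return { "X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors 'none'" };
}

// Constructed sample data: a per-session token and two requests.
const session = { csrfToken: "constructed-sample-token-1234" };
const forged = { method: "POST", headers: { origin: "https://other.example" },
                 body: { status: "WTF" } };
const genuine = { method: "POST", headers: { referer: TRUSTED_ORIGIN + "/compose" },
                  body: { status: "hello", csrfToken: session.csrfToken } };

console.log(checkStateChange(forged, session));   // rejected on origin
console.log(checkStateChange(genuine, session));  // accepted
```

The token check is what holds when the Origin or Referer header cannot be relied on; the anti-framing headers address the iframe part of the technique separately.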