Twitter hackers hit rollover jackpot

If you’re a Twitter user, it’s best to steer clear of the main site for the time being. A cross-site scripting error has led to everything from whimsical fun and games to full-on hacking attempts.

The site itself hasn’t been hacked as such, but users both fair and foul have been exploiting a flaw that allows links posted at Twitter.com to be triggered by a rollover rather than a click, using the old-school JavaScript onMouseOver event handler.

If you remember this from the early days of web page building, you’ll probably remember hooking up a link to produce a pop-up message to read “you smell” when the mouse rolls over it. And there’s certainly plenty of that type of japery going on, but some of the abuse is more serious.

As well as spammers exploiting the bug to produce pop-up advertising, those of a more malicious nature have been setting links to open automatically. That’s being done by using a URL shortener to fit the full link in while still allowing the JavaScript command to be inserted in a way that isn’t filtered out by the Twitter site.
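To make the filtering failure concrete, here is an added example (not Twitter's code and not part of the original article): a hypothetical auto-linker that pastes a posted URL into an `href` attribute unescaped, beside a version that HTML-escapes it. The function names, the URL regex and the sample post are assumptions constructed for illustration.

```javascript
// Added illustration: a hypothetical auto-linker, not Twitter's actual code.
const URL_RE = /https?:\/\/\S+/g;

// Constructed sample post: the "URL" carries a double quote and an attribute.
const SAMPLE = 'look http://example.test/#"onmouseover="alert(1)"/ now';

// Vulnerable: the matched text goes into href as-is, so a double quote inside
// it closes the attribute and the rest is parsed as a new attribute
// (here an onmouseover handler that runs on rollover, without any click).
function linkifyUnsafe(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hardened: HTML-escape the URL and all surrounding text before it reaches
// the markup, so quotes stay inside the href value instead of ending it.
function linkifySafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const url = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index)) + `<a href="${url}">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Minimal check for this demo only: attribute names on the first <a> tag.
function anchorAttrNames(html) {
  const tag = /<a\s([^>]*)>/i.exec(html);
  if (!tag) return [];
  const attrs = tag[1].matchAll(/([a-z-]+)\s*=\s*"[^"]*"/gi);
  return [...attrs].map((m) => m[1].toLowerCase());
}

console.log(anchorAttrNames(linkifyUnsafe(SAMPLE)));
console.log(anchorAttrNames(linkifySafe(SAMPLE)));
```

In the hardened output the injected text survives only as inert characters inside the `href` value, which matches how the article describes the mobile site showing such links as a string of code.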

A post on the account of Sarah Brown, the wife of the former British Prime Minister, is reported to have redirected readers to a Japanese hardcore porn site. And there are also reports of rollover links sending users straight to malware sites that, for example, use a worm to hijack the Twitter account and post more links (which is presumably what happened to Brown).

The issue doesn’t appear connected to the new Twitter.com homepage design that is being rolled out to users: it’s affecting visitors to both the original and revised site. Third-party applications are unaffected.

If you really feel the need to use a web version of Twitter, the version formatted for mobile devices (mobile.twitter.com) appears to be safe at the moment, with the infected links simply appearing as a string of code. Visiting that site is also a quick way to see how rapidly the problem is spreading among your contacts.

(Picture credit: Sophos)

Adventure Theatre’s Awesome Lightsaber Adventures

Erin Steenson teaches kids how to handle a lightsaber at Adventure Theatre’s Lightsaber Adventures. Wish there was something like this near the place I live… I know my kids would have a blast participating! Unfortunately, at $300, the price is a little steep, but I’d probably end up enrolling them anyways.

Bring your young Jedis to Adventure Theatre’s one-of-a-kind stage combat workshop. Join professional stage combat instructor and Jedi Master as he or she instructs our Younglings in the ways of the Force. From simple tasks to challenging missions, Master will guide apprentices so that they may learn such important skills as awareness of one’s surroundings, cooperation in crisis and respect for one’s self and for others equally. This class will teach lessons in safety, focus, spatial awareness, teamwork and self-discipline all within a safe framework of basic stage combat movement.

[Via TDW | WAPO]

Amazing Fan-made Pokémon Movie Trailer

I’m a kid of the late 70’s, so unlike many of you, I didn’t grow up in the “pokémon” generation. But even though I’ve always thought the little critters were kind of ridiculous, I have to admit that this fan-made movie trailer totally kicks ass. Check it out:

Oh and by the way, we think that [GaS] reader Kirsten would have made a way better and sexier Misty (compared to the girl playing the role in the video.) Just check her out right here (3rd pic down.)