Friday, February 13, 2009

Twitter falls victim to clickjacking attack

Twitter put an end to a clickjacking attack yesterday that got users to click on a link labelled “Don’t Click”.

In an attempt to satisfy their curiosity (or simply to do what they were told not to do), thousands of users clicked on the link.

Whether they clicked on the link or not, a post would appear on their Twitter page with the same link and message that they originally received.

"We patched the "don't click" clickjacking attack 10 minutes ago. Problem should be gone," John Adams, aka Netik, an operations engineer at Twitter, tweeted around 11 am PST.

Although annoying, the clickjacking seems to have been harmless and simply propagated itself.

More on this attack can be found here.
