BREAKING: Post javascript into your status update on Twitter and you can make something appear in the pop-up as a user mouses over your tweet. This is clearly now causing havoc across the Twittersphere as users either do funny, rick-rollling type stuff, or scammers catch on to the exploit. It looks like many users are currently using the flaw for a joke but cybercrims could redirect users to third-party websites containing malicious code, or for spam advertising pop-ups. [Update: it appears the exploit could also fill and submit a status update form 'on your behalf' leading to it spreading to over 40,000 tweets within 10 minutes.] This is only affecting the actual Twitter web site (which has the highest number of Twitter users), not third party apps like Tweetdeck, Seesmic, etc. 0 0Authors: Mike Butcher