Twitter ‘onmouseover’ security flaw widely exploited

It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed.

Hopefully Twitter will shut down this loophole as soon as possible - preventing users from posting the onMouseOver JavaScript code, and protecting users whose browsing may be at risk.

Some users also appear to be deliberately exploiting the loophole to create tweets that contain blocks of colour (known as "rainbow tweets"). Because these messages can hide their true content, some users might find them too hard to resist clicking on.

