Thousands of Twitter users have been compromised due to a security flaw on the Twitter website. The ‘bug’ redirects users to third-party websites without their consent when they hover the mouse over tweets in the timeline.
We’ve identified and are patching an XSS attack; as always, please message @safety if you have info regarding such an exploit. We expect the patch to be fully rolled out shortly and will update again when it is.
The best way to protect yourself is using third-party apps (like TweetDeck, Tweetie, and Seesmic) instead of using the web version, which is where the flaw is located.
UPDATE: Twitter has patched the security breach; you can now access Twitter from its website without being redirected.
Apparently Twitter added two new features to the New Twitter right after patching the security flaw – username autocomplete and reply to all.
Although these two features are already widely known by third-party application users, this is a big improvement on Twitter’s part.
What is username autocomplete? Sometimes it’s annoying to have to type long usernames when tweeting, especially if you don’t remember what the username is. With username autocomplete, all you have to do is type the ‘@’ sign followed by the first letters of their name, and a drop-down menu with relevant usernames will appear.
How about reply to all? Have you ever engaged in a conversation with a lot of Twitter users? If so, this is the right feature for you. When someone posts a tweet that includes several usernames, you can click the ‘reply to all’ button and all the usernames will automatically appear in your tweet box.