Awakened by Mikeyy. Little punk.

Sunday, April 12th, 2009

I was browsing Twitter late into the night.  At some point I hit a profile with a funny ASCII animation at the top.  Maybe that was where it started, I don’t know.

This is what I saw in my Twitter account…

Dude! Mikeyy! Seriously? Haha. ;)
Dude, Mikeyy is the shit! :)
Dude, Mikeyy is the shit! :)

What I do know is I woke up and was unpleasantly surprised.  I checked my emails.  A nice and informed person had notified me that my Twitter profile had been hit with the “mikeyy exploit” and I may want to check it out and change my password or something.

He left me this link to read up on the situation.

http://www.sophos.com/blogs/gc/

Then I went to search.twitter.com and looked up tweets people had sent me.  Other people were asking why I was saying things about Mikeyy, but some knew what was happening and sent more links like this one.

http://dcortesi.com/2009/04/11/twitter-stalkdaily-worm-postmortem/

I don’t claim to understand what exactly happened, other than it seems some temporary JavaScript can be applied to a page and funny business can be made to happen on that page by a page from another site.  This is apparently called a cross-site scripting attack or XSS.

http://en.wikipedia.org/wiki/Cross-site_scripting

The issue can be addressed by Firefox users with the “NoScript” extension.  I hate the idea of installing this.  Seems like there should be a better way.  Indeed maybe one of Explorer’s annoying popups has addressed it over in that camp.  I need to look more into that.

Here is the Firefox solution.

http://noscript.net/

I have installed it.  It is annoying.  I went into the preferences and cranked it down a little.  There is also an “S” logo at the bottom of the browser that lets me change specific preferences for a site.  I turned on a sound effect when it is called up so I can change the settings for a given site and not miss the intended and good functionality of that site.

In this particular situation, I do not believe the code is still in my Twitter profile.  I think last night’s issue has been resolved.

Being someone who makes websites and loves JavaScript, this is a troubling fix.  The browsers should step it up here, as they may have already begun doing.

I have exposed some of my ignorance here.  I hope if you know more you will leave a helpful comment below.  Thank you!