DVV Blog » hack http://davidvanvickle.com/blog Work that web. Mon, 12 Jul 2010 00:02:54 +0000 en hourly 1 http://wordpress.org/?v=3.0 Awakened by Mikeyy. Little punk. http://davidvanvickle.com/blog/2009/04/12/awakened-by-mikeyy/ http://davidvanvickle.com/blog/2009/04/12/awakened-by-mikeyy/#comments Sun, 12 Apr 2009 21:18:42 +0000 David http://davidvanvickle.com/blog/?p=336 I was browsing Twitter late into the night.  At some point I hit a profile with a funny ASCII animation at the top.  Maybe that was where it started, I don’t know.

This is what I saw in my Twitter account…

Dude! Mikeyy! Seriously? Haha. ;)
Dude, Mikeyy is the shit! :)
Dude, Mikeyy is the shit! :)

What I do know is I woke up and was unpleasantly surprised.  I checked my emails.  A nice and informed person had notified me that my Twitter profile had been hit with the “mikeyy exploit” and I may want to check it out and change my password or something.

He left me this link to read up on the situation.

http://www.sophos.com/blogs/gc/

Then I went to search.twitter.com and looked up tweets people had sent me.  Other people were either asking why I was saying things about Mikeyy, but some knew what was happening and sent more links like this one.

http://dcortesi.com/2009/04/11/twitter-stalkdaily-worm-postmortem/

I don’t claim to understand what exactly happened, other than it seems some temporary Javascript can be applied to a page and funny business can be made to happen on that page by a page from another site.  This is apparently called a cross-site scripting attack or XSS.

http://en.wikipedia.org/wiki/Cross-site_scripting

The issue can be addressed by Firefox users with the “NoScript” extension.  I hate the idea of installing this.  Seems like there should be a better way.  Indeed maybe one of Explorer’s annoying popups has addressed it over in that camp.  I need to look more into that.

Here is the Firefox solution.

http://noscript.net/

I have installed it.  It is annoying.  I went into the preferences and cranked it down a little.  There is also an “S” logo at the bottom of the browser that lets me change specific preferences for a site.  I turned on a sound effect when it is called up so I can change the settings for a given site and not miss the intended and good functionality of that site.

In this particular situation, I do not believe the code is still in my Twitter profile.  I think last night’s issue has been resolved.

Being someone who makes websites and loves Javascript, this is a troubling fix.  The browsers should step it up here, as they may have already begun doing.

I have exposed some of my ignorance here.  I hope if you know more you will leave a helpful comment below.  Thank you!

]]> http://davidvanvickle.com/blog/2009/04/12/awakened-by-mikeyy/feed/ 6