Engineers at Twitter.com plugged a vulnerability in the social network s main Web page after attacks that exploited the hole may have hit more than 500,000 users. The hole in question had been patched internally by the company last month, but was inadvertently reintroduced with a Web site update. White House Press Secretary Robert Gibbs was perplexed by the balky javascript attack. The attacks leveraged a common javascript feature, onmouseover, which allows Web developers to program discrete actions when visitors move their mouse cursor over a designated area of a Web page.
Source: https://threatpost.com/twitter-closes-web-hole-after-attack-hits-500000-092110/74499/

