Twitter Patches Security Flaw and Introduces New Features

There should be an image here!Twitter has been making mainstream media headlines around the world today, sadly for all the wrong reasons. Users logging onto the Web interface earlier were greeted with a flurry of spam links to various sites, ranging from harmless blank pages to porn site redirections. The attack was made possible thanks to a flaw in the micro-blogging network’s handling of links, meaning the hackers were able to inject malicious scripts into Web pages, upon visiting them the user’s account could be exploited.

Twitter have been making lots of changes to their service in the last week. The gradual roll-out of “New Twitter” around the globe means less people were affected than could have possibly been, those with the updated interface avoided the exploit; but a bug in the “old” site’s handling of XSS cross-site scripting meant it was possible to include JavaScript in Tweets which then had a free reign of destruction. The bug has now been patched and it’s safe to visit the Web interface once again.

In addition to patching security flaws, two new features have been added to the newer Twitter Web app, auto-completion of user names, and (finally!) a reply-to-all for multi-user messages. It seems they really have been listening to requests from the community as two of these suggestions were from Hillel Fuld‘s recent article on missing features from the New Twitter.

The new auto-complete function works similarly to the Facebook implementation – simply typing “@” into the message field, followed by the first letters of a user’s account name and matches will be shown in a selection box. Reply-to-All is now a default behaviour for replying to Tweets that contain multiple usernames, hitting reply will now respond to all of the persons in the tweet.

While most of the new features in the updated Web portal have been present in third-party clients for many years, many people still use Twitter.com as their only access to the service, at work-places and schools for example, where it is not possible for users to install their own apps.