Twitter Javascript bug opens security hole to malware & porn pages

Shock, horror and redaction-themed confusion on Twitter this morning, as an apparent javascript hole has seen the short-messaging service overrun by black boxes which can spawn pop-up messages and even open new browser windows.  The flaw has been exploited by various people, some for entertainment purposes such as changing colors, but others using it to redirect users to pornographic sites and potentially malware-infested pages.

The current advice – until Twitter wakes up and fixes things – is to avoid clicking or mousing-over any of the blacked-out messages in your timeline.  Alternatively, use a third-party Twitter app (or indeed one of Twitter's official clients for mobile devices like the iPad or Android smartphones) or the m.twitter.com official mobile site, which do not appear to be suffering from the same issue.