How did the recent “Don’t Click” clickjacking attack on Twitter come about? Pretty innocuously, according to this report… a funny hack went viral, and refused to be defused. (I haven’t confirmed the author’s account, but it seems plausible, and is interesting in its own right.)
A novel aspect of the Twitter-jacking is that the third-party content was introduced via URL-shortening services: the link that spread the attack went through a shortener, so the shortened URL concealed where the click actually led. Fixes have been attempted, and so far defeated. Check out the explosive growth in this chart.
This “Don’t Click” isn’t a serious exploit in itself, but it is a serious escalation of an existing vulnerability class, clickjacking, and a sign of what is coming. Stay tuned.