Blogher - ReadWriteWeb
http://www.readwriteweb.com/feeds/tag/Blogher
Copyright 2012 Richard MacManus, Tue, 14 Feb 2012 12:45:00 -0800

Twitter Worm Could Take Over Your Computer (in Theory)

Before everyone panics, let's get one thing clear: the new Twitter worm is only a proof-of-concept devised by computer security researchers at Secure Science - it is not out in the wild. That said, its very existence should raise some questions about the state of security at Twitter - something that's more important than ever given how rapidly the service is becoming mainstream. This latest security concern involves an attack, similar to the clickjacking incident from last month, that takes advantage of a web programming error on Twitter's support site. The result of the attack would force users to post unwanted messages to their Twitter stream. If those messages were combined with malicious code, "this could even be used to take control of a victim's computer," says Lance James, chief scientist of Secure Science.

The Potential Threat

The attack, posted online here, first displays a warning message and then posts Secure Science's test code "@XSSExploits I just got owned!" to the victim's profile. But if a hacker wanted to use this technique to compromise users' PCs, they could remove the warning screen and combine the link with a sensational message which users couldn't help but click. Add in some browser attack code, and before you know it, clicking a Twitter link could allow a hacker access to your computer. This, says James, "would just tear the cr*p out of Twitter." He adds, "I'm holding my breath, hoping no one does something stupid at this moment."

According to Secure Science researchers, this particular bug can be eliminated by fixing the cross-site scripting flaw, but if another similar bug were to show up on the site, users would soon face the same problem all over again.

Still, one has to wonder, why are they publishing this information publicly instead of alerting Twitter directly? Apparently, it's because the research company is concerned Twitter is not taking security seriously enough. James says he hopes this demonstration will push Twitter into making it more of a priority.

The State of Twitter Security

It's easy to see why security professionals may be worrying about the state of security at Twitter - the company has had some rather high-profile incidents as of late. Only last month, a second clickjacking attack was revealed after the company had just finished patching one that was unveiled in January. Also in January, the accounts of 33 high-profile Twitter users, including Britney Spears, CNN news reporter Rick Sanchez, and Barack Obama, were compromised by hackers who defaced their accounts with embarrassing and offensive messages.

At the time, Graham Cluley, senior technology consultant at Sophos advised Twitter "to take a long hard look at its security to ensure that this never happens again, and regain the confidence of its members." Yet since then, more potential attack vectors have been revealed.

Staying Safe on Twitter Keeps Getting Harder

If Twitter is indeed replacing, or at the very least, augmenting email for interpersonal communications, then perhaps it's time for us to apply those same age-old rules that once applied to email - be careful what you click. Now that it's finally been drilled into people's heads that email attachments aren't always safe, it seems like we have to start again educating Twitter users that the same goes for links.

But when a service goes mainstream - like Twitter is doing now - it's going to become filled with people who won't give a second thought to security concerns such as these. Instead, without intervention on the part of Twitter to address these issues, consumers are going to end up learning "the hard way" - by becoming victims.

The security problem only gets worse when you think about how easy it is for people to create fake celebrity accounts, not to mention how easy it is for Twitter spammers to join the service. Since Twitter doesn't authenticate new accounts via email, anyone can post any message from any address, real or fake. There are even opt-in services that Twitter spammers can join to quickly accumulate large numbers of followers in an attempt to appear more legit.

Although Twitter is attempting to fight spam on several fronts (they're now disabling accounts that automate re-following for instance), it seems as if more and more Twitter spammers are creating accounts every day. (How many of those SEO advisors and 'life coaches' are for real, I wonder?)

As Twitter explodes into the mainstream, it may be time for them to work on addressing some of these issues before they focus on enhancements to the site like the relatively new "suggested users" section or the in-house ads - features which a few folks suspect may have something to do with Twitter's supposedly soon-to-be-revealed business model. While we understand the service needs to develop their business plan, they recently closed a $35-million financing round, which added even more cash to their previous round ($15 million). Given that they only have 20 employees, they're (in theory) only burning through around $5 million a year. We're not sure what Twitter is doing with all that money, but we would like to suggest that they use some of it to hire security professionals to help make the service safer...before it's too late. 

http://www.readwriteweb.com/archives/twitter_worm_could_take_over_your_computer.php | Twitter | Mon, 23 Mar 2009 07:42:48 -0800 | Sarah Perez

Updated: Twitter Security Collapses; Obama, Fox and Britney Accounts Hacked

Days after a wave of phishing attacks fooled thousands of Twitter users, it appears that another security hole has been found by...someone. Obama's account, unused since election day, sent out an affiliate link to a survey with a gas card prize, Fox News said that "Bill O'Reily is gay" (not that there's anything wrong with that) and Britney Spears' account made a lewd post about her anatomy. Rick Sanchez, the Twitter-loving CNN anchor, says he's "high on crack and might not be coming into work today."

The Fox tweet was deleted an hour after it was posted, so the password may not have been changed. The Facebook account on Twitter just posted a link to porn, so it appears that the situation remains unresolved. Update: Twitter says it's been resolved but that users should change their passwords! The Twitter blog has just posted an explanation of the breach. Screenshots of the hacked accounts are below.

This can't be good for Twitter. It will be good for the people calling for more secure, standards-based authentication on Twitter and elsewhere around the web.

[Screenshots: BarackObama and britneyspears Twitter accounts]

Some suspected that the hacks today were associated with the weekend's phishing attacks, but the Fox News account isn't following anyone - so no one could have direct messaged it. That's how accounts were taken over via phishing. Something else is afoot.

If the hacker is associated with the affiliate link sent out over Obama's account, it may not be hard to discover who did this. Time will tell.

Twitter co-founders Evan Williams, Biz Stone and lead engineer Alex Payne have posted no messages since the attacks emerged. This can't be good for Twitter. What major brand will be excited to sign up for the service now? Who would pay, even, to be put at such risk?

http://www.readwriteweb.com/archives/twitter_security_collapses_oba.php | News | Mon, 05 Jan 2009 09:21:31 -0800 | Marshall Kirkpatrick

BlogHer: Who Are Your Favorite Women Bloggers?

The Blogher conference for and about women bloggers kicks off today in San Francisco and in honor of this important event, we decided to share some links to some of our favorite women bloggers here at RWW.

Gender is an important lens through which people communicate and that's still the case online. Below are links to some of our favorite women bloggers and some favorites from some web celebs you may or may not know. We hope you'll visit their sites and add more of your favorites in the comments.

ReadWriteWeb Favorites

Marshall Kirkpatrick

Many of my favorites were named by the people below, but a few unique ones include:

Anastasia Goodstein, founder of YPulse, a blog about marketing to youth that even non-marketers will enjoy reading.

Marjolein Hoekstra of CleverClogs, my RSS mentor.

Orli Yakuel, Go2Web2.0, frequently finds web apps first.

Laurel Papworth, SilkCharm, a fabulous Australian social media consultant I've just recently discovered.

Photo: Orli Yakuel, by Yaniv Golan

Sarah Perez

RWW writer Sarah Perez says our own Corvida is her favorite woman blogger, but she's got a list of others she likes a lot as well.

Cyndy Aleo-Carreira, from Profy, a leading news blog about life online and promotion for the Profy blogging platform. Svetlana Gladkova, who writes on Profy.com as well as the Profy Development Blog is also one of Sarah's favorites.

Tamar Weinberg, Techipedia, is an internet marketing rock star and a repeat selection by several people asked to make a list for this post.

Veronica Belmont is a blogger and video blogger all over the internet.

Natalie Del Conte is a blogger and video blogger for CNet/CBS.

Gina Trapani leads the fabulous blog LifeHacker.

Emily Chang writes and publishes all kinds of different sites, including PicoCool and eHub. Her design company created the most recent design for RWW.

Leah Culver is a founder of standards-happy microblogging platform Pownce.

Kara Swisher writes for All Things D and is one of the most powerful people on the web.

Sarah Lacy is a business writer, author and blogger focusing on tech.

Wow, what a list!

Photo: Sarah Lacy, by Brian Solis

Frederic Lardinois

RWW's Frederic Lardinois was a little late to the game, so many of his favorites were already taken by Sarah above (whose weren't?) - but here's a few folks he's adding to the list.

Susan Mernit used to work at Yahoo! Personals, is rumored to be working on a secret startup project and has lots to teach all of us about the social media space.

Xeni Jardin writes for weird-hunting blog BoingBoing and publishes media all around the world and web.

Lorelle VanFossen writes Lorelle on Wordpress, a leading source of education about using WordPress and about blogging in general.

Photo: Susan Mernit, by Brian Solis

Friends of ReadWriteWeb

Why stop at just our list? We asked a few other people to contribute. We hope you'll add your list of favorites in comments as well.

Matt Mullenweg is the creator of WordPress and another fan of Lorelle on Wordpress. He also named three other bloggers that were new to our list.

Kathy Sierra teaches people about usability and design. More than a year after a gender-based campaign of harassment led her to stop posting to her blog, Sierra remains a public speaker in high demand and one of many people's favorite bloggers.

danah boyd is an academic researching the culture of youth on social networks. If you've ever got some free time and want just one blog to read - hers is a good choice.

Tara Hunt is a marketing consultant and author. She blogs at Horse Pig Cow about how businesses can thrive in the changing online world.

Holly Ross

Holly Ross is the Executive Director of the Nonprofit Technology Network, NTEN. Her must-reads include:

Nancy Schwartz's Getting Attention, all about new media marketing for nonprofit organizations.

Michelle Martin's Bamboo Project is a blog about personal and professional development for knowledge workers.

Charlene Li is an outbound analyst at Forrester and co-author of Groundswell, a book and a blog about how big business can transform itself to engage in the social web.

Beth Kanter is a nonprofit tech consultant who has worked with nonprofit arts and community-based organizations for over twenty-five years. Words can't describe Beth's awesomeness.

Mike Linksvayer

Mike Linksvayer is the CTO of Creative Commons, a global organization working to create alternatives to traditional copyright law. His favorite bloggers include:

Wendy Seltzer is a technology law blogger who writes about Intellectual Property Rights.

Kerry Howley is a senior editor at Reason magazine and a blogger.

Michelle Thorne is a thinker about free culture and a whole lot more.

Carolina Botero is a Colombian blogger who writes in Spanish about Free Culture and technology.

Curt Hopkins

Curt Hopkins is the founding editor of The Committee to Protect Bloggers, a blog and organization dedicated to protecting bloggers around the world from imprisonment, censorship and other offenses at the hand of authoritarian governments. Curt didn't hesitate for a moment before pointing us toward the following bloggers.

Esra'a Al Shafei is a 21-year-old blogger from the Kingdom of Bahrain. She writes at Mideast Youth and at FreeKareem.org, a blog dedicated to agitating for the freedom of imprisoned Egyptian blogger Abdul Kareem Nabeel Suleiman.

Israeli-Canadian freelance writer Lisa Goldman writes about Israel and media.

Sokari Ekine is the founder of Black Looks, a blog about Africa, women in Africa and a whole host of other topics.

Who Are Your Favorites?

The blogs above are just a few of the many that are written by women leading public discussions about technology and many other topics online. Now that it's time for this year's Blogher conference, we'd love to take the opportunity to discover more excellent women who blog. Who are your favorites?

http://www.readwriteweb.com/archives/blogher_who_are_your_favorite.php | Events Guide | Fri, 18 Jul 2008 17:17:11 -0800 | Marshall Kirkpatrick