ReadWriteWeb

Twitter's status blog this morning announced that Twitter has addressed the most recent variant of the Mikeyy worm but recommends that you still avoid viewing the profiles of users posting "uncharacteristic or otherwise suspicious tweets."

It shouldn't be this hard, Peter Soderling, founder of Stratus Security told ReadWriteWeb yesterday. "It appears Twitter is solving the problem by focusing on the input filtering, but a simpler and more effective solution would have been to focus on output escaping; encoding the script tags so they could not execute in any victim's browser."