Australian teen fesses up to exposing Twitter flaw

A 17-year-old Australian who goes by the Twitter handle @zzap says he exposed the cross-site scripting flaw that led to Tuesday’s widespread Twitter worm, dubbed onMouseOver.

A full account of Pearce Delphin’s mea culpa is reported by the AFP news agency, which quotes the teen saying: "I did it merely to see if it could be done ... that JavaScript really could be executed within a tweet."

Internet services company Netcraft also documents Tuesday's timeline well, noting that "zzap appears to have discovered the vulnerability shortly after seeing RainbowTwtr's colourful use of CSS injection to display the colours of the rainbow."


The Twitter security breakdown, which Twitter explains in a blog post, was resolved within a few hours and mainly resulted in some experimental and prank worms, such as turning tweets different colors when a user moused over them. Exploits also redirected some Twitter users to hardcore Japanese porn sites and messed with the White House Press Secretary’s account.
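The flaw class the article describes is an attribute breakout: text from a tweet ended up inside an HTML attribute without escaping, so an `onmouseover` handler could be smuggled in. As an added example that is not part of the article or Twitter's own code, here is a simplified link renderer (hypothetical names; the constructed sample input is not the real worm text) showing the unescaped version beside the escaped one, plus a check a reviewer could run over rendered markup.

```javascript
// Naive renderer: the tweet's URL is interpolated straight into an attribute.
// This is the defect pattern; it is kept only to contrast with renderLinkSafe.
function renderLinkUnsafe(url) {
  return `<a href="${url}">${url}</a>`;
}

// Escape the characters that matter in HTML text and double-quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Only http(s) links may become anchors; anything else is shown as plain text.
function isSafeUrl(url) {
  try {
    const u = new URL(url);
    return u.protocol === "http:" || u.protocol === "https:";
  } catch {
    return false;
  }
}

// Hardened renderer: scheme allow-list, then attribute-context escaping.
function renderLinkSafe(url) {
  if (!isSafeUrl(url)) return escapeHtml(url);
  const e = escapeHtml(url);
  return `<a href="${e}">${e}</a>`;
}

// Review check: does the rendered markup carry an inline event-handler attribute?
// Browsers accept `href="..."onmouseover="..."` with no whitespace between the
// attributes, so the check looks for a handler name after a quote or whitespace.
function hasInlineHandler(html) {
  return /(^|[\s"'])on[a-z]+\s*=/i.test(html);
}

// Constructed sample resembling a tweet that closes the href attribute early.
const sample = 'http://example.test/"onmouseover="x()';

console.log("unsafe:", renderLinkUnsafe(sample), hasInlineHandler(renderLinkUnsafe(sample)));
console.log("safe:  ", renderLinkSafe(sample), hasInlineHandler(renderLinkSafe(sample)));
```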

Google emphasized that the flaw, which had actually been discovered and patched a month ago, affected the old Twitter site and not its mobile site or the newly revamped Twitter site.

Computerworld’s Gregg Keizer reported that one apparent reason cybercriminals did not exploit the flaw is that user feedback on social networking sites like Twitter gets problems in front of a site’s security team quickly.

Twitter suffered a security issue last year that also stemmed from a teen’s tinkering: the Mikeyy (also StalkDaily) worm was unleashed by a teenager.

In the end, Twitter apologized to users who may have encountered problems.
