A 17-year-old Australian who goes by the Twitter handle @zzap says he exposed the cross-site scripting flaw that led to Tuesday’s widespread Twitter worm, dubbed onMouseOver.
A full account of Pearce Delphin’s mea culpa is reported by the AFP news agency, which quotes the teen saying: "I did it merely to see if it could be done ... that JavaScript really could be executed within a tweet."
Internet services company Netcraft also documents Tuesday's timeline well, noting that "zzap appears to have discovered the vulnerability shortly after seeing RainbowTwtr's colourful use of CSS injection to display the colours of the rainbow."
Also see: 12 CIOs who tweet
The Twitter security breakdown, which Twitter explains in a blog post, was resolved within a few hours and mainly resulted in some experimental and prank worms, such as turning Tweets different colors when a user moused over them. Exploits also redirected some Twitter users to hardware Japanese porn sites and messed with the White House Press Secretary’s account.
Google emphasized that the flaw, which had actually been discovered and patch a month ago, affected the old Twitter site and not its mobile site or the newly revamped Twitter site.
Computerworld’s Gregg Keizer reported that one reason the flaw was not apparently exploited by cybercriminals is that user feedback on social networking sites like Twitter helps to ensure a site’s security team gets pretty quick feedback on problems.
Twitter suffered a security issue last year that stemmed from a teen’s tinkering as well: the Mikeyy (also StalkDaily) worm was unleashed by a teenager.
In the end, Twitter apologized to users who may have encountered problems.
Read more about wide area network in Network World's Wide Area Network section.