0 Members and 1 Guest are viewing this topic.
A 17-YEAR-old Australian schoolboy said he unwittingly caused a massive hacker attack on Twitter that sent users to Japanese porn sites and took out the White House press secretary's feed. Pearce Delphin, whose Twitter name is @zzap, admitted exposing a security flaw which was then pounced upon by hackers, affecting thousands of users and causing havoc on the microblogging site for about five hours. Delphin, who lives with his parents in Melbourne, said he tweeted a piece of "mouseover" JavaScript code which brings up a pop-up window when the user hovers their cursor over the message. But the idea was soon taken up by hackers who tweaked the code to redirect users to pornographic sites and create "worm" tweets that replicated every time they were read."I did it merely to see if it could be done ... that JavaScript really could be executed within a tweet," Delphin told AFP via email. He added, "At the time of posting the tweet, I had no idea it was going to take off how it did. I just hadn't even considered it."However, a Scandanavian developer is claiming credit for enabling the vulnerability to go viral.Magnus Holm said he saw what Pearce did, then added extra code to make the worm retweet itself. According to The Guardian, Holm first thought the worm wouldn't do anything. "meh, this worm doesn't really scale. the users can just delete the tweet ," he wrote. Then he noticed the tweet started spreading virally. "holy shit. I think this is exponential: "3381 more results since you started searching," he wrote, then: "This is scary."Twitter apologised to its millions of users after the "mouseover bug" raged through the site, opening pop-up windows in Web browsers and automatically generating tweets from other accounts.White House press secretary Robert Gibbs and Sarah Brown, wife of Britain's former prime minister Gordon Brown, was among those hit by the bug before engineers patched it up.The "Netcraft" security website traced the malicious code back to Delphin, who said he got the idea from another user who employed a similar code to make his profile and tweets rainbow-colored. "After that, it seems like some of my followers realised the power of this vulnerability, and within a matter of minutes scripts had taken over my timeline," Delphin said.The glitch was mainly used for pranks, but Delphin said it could have been used to "maliciously steal user account details".Delphin was one of the first people in Australia to start using Twitter, back in 2006, and said the site had known about the problem for "months" but failed to patch it. The teen is just a few weeks off graduating from high school and hopes to study law. He had not yet told his parents about the cyberstorm he had created."I discovered a vulnerability, I didn't create a self-replicating worm. As far as I know, that isn't technically illegal. Hopefully I won't get in trouble!" he said.Twitter, which allows users to post messages of 140 characters or fewer, says it has more than 145 million registered users firing off more than 90 million tweets a day.It unveiled a major redesign of its website a week ago that is being slowly rolled out to users of the service across the globe.The company said the attack was not connected to Twitter's revamp.
