Sunday, April 12, 2009

Twitter Under Attack (Part 2)

In a follow-up to my earlier post, it turns out that there were two attacks on Twitter this weekend, not just one, and both originated from the same source. The attacks, which were mounted using cross-site scripting (XSS), were the work of Mikeyy Mooney, the 17-year-old creator of from Brooklyn, New York. Mikeyy was quoted as saying:

"I am the person who coded the XSS which then acted as a worm when it auto-updated a user's profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website."

The attacks exploited a vulnerability by adding obfuscated scripts to the Name and More info URL entries in a Twitter user's settings.
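The defence relevant to those two fields, as an added example (not from the original post and not Twitter's code): the same stored profile rendered by plain concatenation and then with URL scheme validation plus output encoding. The function names, field names and sample values are constructed for illustration, and the sample input is not the script used in the attacks.

```javascript
// Characters that must be encoded in HTML text and quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a stored value at output time.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs; return the normalised URL or null.
function safeProfileUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw).trim());
  } catch (err) {
    return null; // not an absolute URL
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return null; // rejects javascript:, data: and other schemes
  }
  return parsed.href;
}

// Vulnerable form: stored values are concatenated straight into markup.
function renderProfileUnsafe(profile) {
  return `<span class="name">${profile.name}</span> <a href="${profile.url}">More info</a>`;
}

// Hardened form: validate the URL scheme, then encode every value on output.
function renderProfileSafe(profile) {
  const name = `<span class="name">${escapeHtml(profile.name)}</span>`;
  const url = safeProfileUrl(profile.url);
  if (url === null) return name; // drop the link rather than emit an unvetted URL
  return `${name} <a href="${escapeHtml(url)}" rel="nofollow noopener">More info</a>`;
}

// Constructed stored profile carrying markup in both fields.
const sample = {
  name: "Alice<script>alert(1)</script>",
  url: 'http://example.com/"><script>alert(1)</script>',
};

console.log(renderProfileUnsafe(sample)); // markup from both fields reaches the page
console.log(renderProfileSafe(sample));   // both values arrive as inert text
```

Encoding at output time matters because every viewer of the profile receives the stored value, which is what let a single edited profile spread to others.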

Today, Twitter published the following blog post - Wily Weekend Worms.
