In a follow up to my earlier post it turns out that there were two, and not just one, attacks on Twitter this weekend, and both originated from the same source. The attacks which were mounted using cross-site scripting (XSS) were the work of Mikeyy Mooney, the 17-year-old creator of StalkDaily.com from Brooklyn, New York. Mikeyy was quoted as saying:
"I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website."
The attacks utilised a vulnerability by adding obfuscated scripts to the Name and More info URL entries in a Twitter user's settings.
Today, Twitter published the following blog post - Wily Weekend Worms.
Sunday, April 12, 2009
Twitter Under Attack (Part 2)
Easter Sunday Music
It's funny how many times I must have listened to this song and never really thought about the religious imagery in it. Great song all the same; Dave Matthews - Bartender.
Microsoft's 2019 Vision
This is a really cool video showing Microsoft's vision of technology in a decade. Having said that, I would be surprised if technology had only advanced this far. Really all we're looking at here is superfast data transfer, improved touchscreen technology and overall technology miniaturisation. Thinking about it, that's not really a huge leap for the next 10 years considering how far technology has come in the last 10 years. Consider how common it is now for someone to carry around a device capable of broadband speed wireless internet access and real-time video communication. I would definitely expect more in 10 years.
Twitter Under Attack
Everyone’s favourite micro-blogging service hasn’t had the greatest of weeks, and it looks like things may have just gotten worse. It appears that the site under went an attack early this morning by a worm originating from the site StalkDaily. Some comments have indicated that this is an XSS attack, while others indicate the attack may have originated from a Twitter third party applications. Although details are scarce it seems that when you visit the profile page of an infected user your profile will become infected as well, with the worm modifying your ‘About Me’ section to include a link to the worm. Infected users begin to repeatedly spam tweets directing users to the StalkDaily website.
Posts
