Newsletter Archives

  • Look, don’t Tweet XSS Twitter

    Rob Rosenberger had me laughing with this “Emperor has no Clothes” assessment of Mikko Hypponen’s tweets regarding the new XSS Twitter worm.

    Neowin reports that the XSS Twitter worm – which only affects those of you who are on Twitter – was written by a bored 17-year-old, who takes full responsibility for the worm:

    Over the Easter weekend, Twitter fell victim to yet another attack against the micro-blogging service. This time the attacker was 17 year old Mikeyy Mooney, who claims full responsibility for the attack, saying “I am aware of the attack and yes I am behind this attack”.

    The attack was harmless in a sense that no passwords or users data was compromised or stolen, only leaving messages on peoples Twitter page such as “Dude, is awesome. What’s the fuss?”. The worm infected other Twitter users when someone visited another person’s page, making the worm spread rapidly. The messages linked users to Mikeyy Mooneys own web site which offers similar features and style as Twitter does.

    Mikeyy Mooney described how he carried out the attack, “I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.”

    Ah, the ingenuity of America’s youth. Put that kid to work! He’s an ace XSS programmer…