Twitter Vulnerability Discovered by Australian Teenager

On the subject of the Twitter brouhaha from yesterday, apparently the vulnerability in the site’s code that led to all the pop-ups, worms, and general merriment enjoyed by spammers and hackers was discovered by a 17-year-old Australian named Pearce Delphin.

Apparently Delphin simply posted JavaScript code inside a tweet that caused a pop-up window whenever someone hovered over the posted text. In an interview with the AFP, Delphin said the following:

“I did it merely to see if it could be done… At the time of posting the tweet, I had no idea it was going to take off how it did. I just hadn’t even considered it…

After that, it seems like some of my followers realized the power of this vulnerability, and within a matter of minutes scripts had taken over my timeline.”

The ability to run code in this manner could have theoretically led to some serious privacy breaches, such as writing code that steals users’ account credentials. However, “The problem was being able to write the code that can steal usernames and passwords while still remaining under Twitter’s 140 character tweet limit,” said Delphin.

Twitter has since patched up the vulnerability, which Delphin said they knew about for “months.” Twitter’s official stance is that its engineers “discovered and patched this issue last month. However, a recent site update (unrelated to new Twitter) unknowingly resurfaced it.”
