Aussie Student Responsible For Twitter Exploit

bennyboy64 writes "An Australian teen has caused havoc on Twitter by discovering an exploit that hit thousands of users, including Barack Obama's press secretary, and resulted in the tweets of a former British PM's wife linking to hardcore porn, The Sydney Morning Herald reports. Pearce Delphin, who is studying his last year at high school, said that he was surprised that 'so many famous people got infected.'"
  • by simonbp ( 412489 ) on Wednesday September 22, 2010 @03:09PM (#33666904) Homepage

    Got a great career ahead of him, if he wants...

  • by Beelzebud ( 1361137 ) on Wednesday September 22, 2010 @03:15PM (#33666994)
    It's their site, their code, and they set the rules.
  • by Rhacman ( 1528815 ) on Wednesday September 22, 2010 @03:22PM (#33667112)
    He's not responsible for Twitter's bad coding but I would say he acted irresponsibly by toying around with it and exposing it to the public rather than reporting it directly to Twitter staff. If a vending machine malfunctions and lets you get candy out of it without paying, it isn't the customer's fault the machine malfunctioned but it doesn't make it right to take the candy or tell everyone in earshot that the machine is giving out free candy. Not saying how I would behave in that situation, just that it wouldn't be right ;)
  • From TFA... (Score:4, Insightful)

    by clone53421 ( 1310749 ) on Wednesday September 22, 2010 @03:26PM (#33667162) Journal

    After a "little bit of coding", he said he "managed to generate a dialog box containing the data from within the Twitter cookie file". He said "theoretically this could be used to maliciously steal users' account details".

    They make it sound difficult to alert(document.cookie)...

    But "the problem was being able to write code that can steal usernames and passwords while still remaining under Twitter's 140 character tweet limit", he said.

    Ah, so the 140-character limit is actually beneficial in some sense!

  • by $RANDOMLUSER ( 804576 ) on Wednesday September 22, 2010 @03:27PM (#33667178)

    ...either sloppy coding practices, or high pressure from clueless management to develop software quickly

    Dude, that's almost always an AND, not an XOR.

  • by clone53421 ( 1310749 ) on Wednesday September 22, 2010 @03:34PM (#33667264) Journal

    He didn’t really fathom the extent of the exploit, though. He thought it was just a novel toy to pop up alert boxes when you moved the mouse over the tweet. (Well, he actually got the idea of trying to steal users’ session cookies, but didn’t find a way to do it within the 140-character limit.) The idea that really allowed it to go viral – posting a new tweet – was conceived by someone else.

    Hell, I’ve done similar... “oh look, the layout of the page broke after I put a special char in that form element... I wonder if I can make it alert(document.cookie) using that? (sure enough) yup...” The main difference in this case is that (a) it was a massive social networking site and (b) other people could see his experiments and come up with their own little variations on the exploit, some of which were less benign than his experiments had been...

  • Re:What I liked (Score:3, Insightful)

    by vux984 ( 928602 ) on Wednesday September 22, 2010 @03:39PM (#33667340)

    This would be akin to running blind sql injection on websites, and using that as a defense when you got caught.

    Little Bobby Tables strikes again. ;)

    http://xkcd.com/327/ [xkcd.com]

  • Re:Who caused it? (Score:5, Insightful)

    by FuckingNickName ( 1362625 ) on Wednesday September 22, 2010 @03:40PM (#33667350) Journal

    Since the fall of Adam.

    Well, you did ask.

  • by Rhacman ( 1528815 ) on Wednesday September 22, 2010 @03:46PM (#33667428)
    Fair enough that it probably seemed harmless what he was doing, but it was still a mistake to do it even if it was only apparent in retrospect. I'm not saying crucify him, just that he does bear some portion of the responsibility however big or small.
  • Re:Six Degrees (Score:4, Insightful)

    by The_mad_linguist ( 1019680 ) on Wednesday September 22, 2010 @04:03PM (#33667654)

    See! You can't!

  • by matrim99 ( 123693 ) on Wednesday September 22, 2010 @04:10PM (#33667762) Homepage

    ...Suppose you post a mentally-handicapped guard at your castle gate. When you are gone, your enemy hands him a scroll with instructions and says "These are from your boss. He wants you to do them right away." The instructions tell him to ransack your bed-chamber and run your underwear up the flag-pole. The guard obeys. Who is to blame?

    Twitter.

    Oh wait, Microsoft.
    No... Google.

    Ooooh, Terrorists. Almost had me there.

  • by munky99999 ( 781012 ) on Wednesday September 22, 2010 @04:21PM (#33667910)
    He found the exploit... he didn't exploit anything. He is thusly not responsible at all. The mischievous users and Twitter are the ones responsible.
  • by clone53421 ( 1310749 ) on Wednesday September 22, 2010 @04:29PM (#33668040) Journal

    think of what a blackhat could do with the HTML5 ping attribute, directing many thousands of twitter users all hammering a single site (and url shortening sites go down as collateral damage) to death. It could originate from any social networking site.

    And that’s any worse than, say, sending them all to a pastebin page that will repeatedly download all the images from the target website?

  • Re:Who caused it? (Score:3, Insightful)

    by iamhassi ( 659463 ) on Wednesday September 22, 2010 @04:30PM (#33668056) Journal
    "The guy who discovered the exploit, or the coding process which allowed it?"

    OH I know this one!!!

    What is... the guy that discovered the exploit!

    Because see, even though you discovered that the front door was left open it doesn't give you permission to go in. See how that works? Yeah I know it's very confusing, best just to not check if doors are open unless they're doors you own.
  • Re:"Responsible" (Score:4, Insightful)

    by ultranova ( 717540 ) on Wednesday September 22, 2010 @05:03PM (#33668540)

    Forgive my ignorance, as I don't use Twitter, but they're supposed to be massive and they make these sorts of mistakes? It's a simple message board, no?

    Twitter is a simple message board, but it's accessed with virtual machines that were never designed but just kinda happened - in other words, modern browsers. Combine that with the attitude some people still have that you need to filter - enumerate all bad things and check for them - rather than simply escape the user-input string, and it shouldn't be a surprise that these things keep on happening.

    Not that it really matters. An exploited website is like graffiti in real life: much ado about nothing.
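    The filter-versus-escape distinction the comment above draws, as an added example in JavaScript that is not from the article or any commenter; `escapeHtml`, `blacklistFilter`, `renderTweet`, the helper checks and the sample tweet text are all constructed here:

```javascript
// Added example, not from the article or any comment: output escaping versus
// blacklist filtering. All names and the sample tweet text are constructed.

// Escape every character that can change meaning in HTML text or inside a
// quoted attribute value. Nothing is "detected"; every such character is
// neutralised, so there is no list of bad things to keep up to date.
function escapeHtml(str) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;",
                '"': "&quot;", "'": "&#39;", "/": "&#x2F;" };
  return String(str).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// The "enumerate all bad things" approach: this one only knows about script
// tags, so text that merely closes a quoted attribute goes straight through.
function blacklistFilter(str) {
  return String(str).replace(/<\s*\/?\s*script[^>]*>/gi, "");
}

// Render a tweet the way a page might: the text lands both in an attribute
// and in the element body, after passing through the chosen sanitizer.
function renderTweet(text, sanitizer) {
  const safe = sanitizer(text);
  return `<span class="tweet" title="${safe}">${safe}</span>`;
}

// Value of the title attribute in the rendered markup (null if absent).
// With proper escaping the whole tweet stays inside it as data.
function titleAttribute(html) {
  const m = /title="([^"]*)"/.exec(html);
  return m ? m[1] : null;
}

// True when a raw quote closes our attribute and an event-handler name follows,
// i.e. when tweet text became markup instead of staying data.
function hasInjectedHandler(html) {
  return /"\s+on\w+\s*=/i.test(html);
}

// Constructed sample: text that tries to break out of the attribute.
const SAMPLE = 'hi" onmouseover="alert(document.cookie)';

console.log(hasInjectedHandler(renderTweet(SAMPLE, blacklistFilter))); // true
console.log(hasInjectedHandler(renderTweet(SAMPLE, escapeHtml)));      // false
```

    Escaping has to match the output context; this escaper covers HTML text and quoted attribute values, not URLs or inline script.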

  • by HornyBastard ( 666805 ) on Wednesday September 22, 2010 @05:33PM (#33668930)

    "This kid did what exploit hunters do, release code to the internet knowing it can be used for criminal purposes."

    According to that logic, if I stab you in the face, the guy who sold me the knife is responsible.
    This kid did not do anything wrong. All he did was let people know about the bug.

    car analogy:
    All he did was put a flyer in your window saying that if you switch on the headlights and the radio at the same time, your car will explode. He is now responsible if somebody else uses that knowledge to blow up a lot of cars.
