Aussie Student Responsible For Twitter Exploit

bennyboy64 writes "An Australian teen has caused havoc on Twitter by discovering an exploit that hit thousands of users, including Barack Obama's press secretary, and resulted in the tweets of a former British PM's wife linking to hardcore porn, The Sydney Morning Herald reports. Pearce Delphin, who is studying his last year at high school, said that he was surprised that 'so many famous people got infected.'"

  • Six Degrees (Score:4, Interesting)

    by TubeSteak ( 669689 ) on Wednesday September 22, 2010 @03:11PM (#33666934) Journal

    Six degrees of Kevin Bacon pretty much ensures that famous people are going to get hit by the same kinds of malware that the rest of us have to deal with.

    This is doubly true when the vector is a social networking site.

  • Virus or exploit (Score:5, Interesting)

    by stimpleton ( 732392 ) on Wednesday September 22, 2010 @03:24PM (#33667134)
    "so many famous people got infected."

    I am not a vegetarian, but I get annoyed at people that proclaim "I am vegetarian. I only eat fish, cheese, and chicken."

    Similarly, anyone who was exposed to the computer wrecking viruses of the 90's thru to 2002 knows what "infection" really means. I am not a low level coder, only high level languages in a business environment, but I do wonder what some old skoolers must think when they read about a piece of HTML Javascript being described as "Infection". I am vegetarian, I will eat steak only if it's well done.
  • Re:Six Degrees (Score:3, Interesting)

    by Culture20 ( 968837 ) on Wednesday September 22, 2010 @03:34PM (#33667262)

    Six degrees of Kevin Bacon pretty much ensures that famous people are going to get hit by the same kinds of malware that the rest of us have to deal with.

    Does this mean that Hollywood may not have been designed to route around Kevin Bacon in the event that Global Thermonuclear War takes him out? Can a dead Kevin Bacon star in such movies as "Weekend at Bernie Junior's" or as corpse-extras to keep the connections up?

  • Re:What I liked (Score:3, Interesting)

    by Superken7 ( 893292 ) on Wednesday September 22, 2010 @03:39PM (#33667338) Journal

    Please read the rest of TFA, not just that sentence.

    He just discovered it but did not exploit it in a malicious way. It was others who did that. I don't think he needs any "defense" for doing an alert('uh oh');

    He probably means that it's their responsibility that others abused the exploit that he did NOT write.

  • by wbav ( 223901 ) <Guardian.Bob+Slashdot@gmail.com> on Wednesday September 22, 2010 @03:43PM (#33667382) Homepage Journal
    I just found that in search results, Twitter appears to be still affected by this bug. [youtube.com]

    The video is still processing but should be up soon.
  • by spikenerd ( 642677 ) on Wednesday September 22, 2010 @03:53PM (#33667498)
    Your analogy has many flaws. Hackers do not enter your computer. Exploits are not typical methods of entry. Your home is not a service intentionally placed on the web for others to use. Let me see if I can fix it...

    Suppose you post a mentally-handicapped guard at your castle gate. When you are gone, your enemy hands him a scroll with instructions and says "These are from your boss. He wants you to do them right away." The instructions tell him to ransack your bed-chamber and run your underwear up the flag-pole. The guard obeys. Who is to blame?
  • Re:"Responsible" (Score:3, Interesting)

    by Inda ( 580031 ) <slash.20.inda@spamgourmet.com> on Wednesday September 22, 2010 @04:14PM (#33667818) Journal
    Forgive my ignorance, as I don't use Twitter, but they're supposed to be massive and they make these sorts of mistakes? It's a simple message board, no?

    We were doing this sort of crap on vBulletin boards 10 years ago. Stealing cookies, redirecting, replacing images; all for kicks. After messing about for a week, everyone got bored and we had javascript events blocked on our own board.
  • by Dracos ( 107777 ) on Wednesday September 22, 2010 @04:26PM (#33667968)

    This is exactly the kind of scenario I envisioned last week [slashdot.org]. This kid's intent wasn't malicious, but think of what a blackhat could do with the HTML5 ping attribute, directing many thousands of Twitter users all hammering a single site (and URL shortening sites go down as collateral damage) to death. It could originate from any social networking site.

    The ping attribute needs to be dropped or considered much more carefully.
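
The mitigations raised in the comments above (blocking JavaScript events on a board, and not letting the `ping` attribute through) can be written as an allowlist sanitizer for user posts. This is an added example, not code from the thread or from Twitter; the tag and attribute policy, the function names and the sample post are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: the only tags and attributes a post may keep.
# Event handlers (on*) and ping are absent from it, so they never survive.
ALLOWED = {"a": {"href", "title"}, "b": set(), "i": set(), "em": set()}
SAFE_SCHEMES = {"http", "https"}

def safe_href(value):
    """Accept only absolute http(s) links; javascript: and the like fail."""
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False

class PostSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []  # (tag, attribute) pairs removed, useful for logging

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append((tag, None))
            return
        kept = ""
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED[tag] or (name == "href" and not safe_href(value)):
                self.dropped.append((tag, name))
                continue
            kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(post):
    parser = PostSanitizer()
    parser.feed(post)
    parser.close()
    return "".join(parser.out), parser.dropped

# Constructed sample post, not taken from the incident.
SAMPLE = '<a href="http://example.com/" onmouseover="alert(\'uh oh\')" ping="http://third-party.example/">hi</a>'
```

Because the policy names what is allowed rather than what is forbidden, attributes added to HTML later are dropped by default, and the `dropped` list gives a moderation or detection log something to alert on.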
