Twitter aware of onMouseOver hack for months, claims 17-year-old who exposed it
A 17-year-old schoolboy from Australia has taken the blame for the onMouseOver JavaScript Twitter exploit that caused havoc for a few hours on Wednesday.
Protesting his innocence, Pearce Delphin -- who has the coolest name in the world -- says that he only discovered the vulnerability. "I did it merely to see if it could be done ... that JavaScript really could be executed within a tweet," he told AFP via email. The self-replicating worm came later, with the Guardian reporting that it was originally crafted by Masato Kinugawa and refined by Magnus Holm. Within hours, many mutations appeared -- shortly after, the Twitter offices in San Francisco groggily awoke, and the exploit was swiftly fixed.
Most importantly, however, Pearce says that Twitter knew about the problem for 'months.' It's not clear whether Pearce is talking authoritatively -- he might simply be stealing someone else's thunder -- but I'm sure Twitter will be quick to respond if he's wrong.
Update: Twitter actually fixed the bug last month, but seemingly made another change recently that brought it back.
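The bug class behind the incident was tweet text reaching the page without HTML escaping, so a tweet could close an attribute and add its own onmouseover handler; the regression came from a fix being overwritten. As an added illustration (not Twitter's code; the markup, the `render_tweet*` names and the `PLACEHOLDER()` handler are assumptions), here is the defect beside its hardened form and a regression check that would catch the fix disappearing again:

```python
"""Added example: safe vs. unsafe rendering of tweet text, plus a regression check."""
import html
from html.parser import HTMLParser

# Constructed sample tweet that tries to end the attribute it is placed in and
# start an onmouseover handler. The handler call is a placeholder, not script.
ATTRIBUTE_INJECTION = 'hello" onmouseover="PLACEHOLDER()'


def render_tweet_unsafe(text: str) -> str:
    """Vulnerable pattern: user text interpolated into markup verbatim."""
    return f'<span class="tweet" title="{text}">{text}</span>'


def render_tweet(text: str) -> str:
    """Hardened: escape for both attribute and text context.

    quote=True turns " and ' into entities along with < > &, so the text can
    neither terminate the title attribute nor introduce a new one.
    """
    safe = html.escape(text, quote=True)
    return f'<span class="tweet" title="{safe}">{safe}</span>'


class _AttrCollector(HTMLParser):
    """Collects attribute names from every start tag in a fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.attr_names: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.attr_names.extend(name.lower() for name, _ in attrs)


def event_handler_attrs(rendered: str) -> list[str]:
    """Return on* attribute names the browser would actually see.

    Parsing the output (rather than grepping it) avoids a false positive on
    the escaped text, where 'onmouseover=' is inert attribute *content*.
    """
    parser = _AttrCollector()
    parser.feed(rendered)
    parser.close()
    return [name for name in parser.attr_names if name.startswith("on")]


def regression_check(render) -> bool:
    """True if `render` keeps the injection sample inert; False if a fix regressed."""
    return event_handler_attrs(render(ATTRIBUTE_INJECTION)) == []
```

Running `regression_check(render_tweet)` in the test suite of the rendering code is the cheap guard against the "patch accidentally overwritten" failure mode the incident showed.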
Comments (3)
stopsatgreen, Sep 22nd 2010 10:53AM
In Twitter's blog post explaining the situation (http://blog.twitter.com/2010/09/all-about-onmouseover-incident.html) they explain that they knew about the vulnerability and patched it last month, but the patch was accidentally over-written in a subsequent code revision.
Sebastian Anthony, Sep 22nd 2010 10:55AM
Hah... classic :)
isotrex, Sep 23rd 2010 9:16PM
You're all wrong. This is just the beginning. This is Skynet.