A consumer friendly tech information blog
There has been a lot of hype around the exploitation of Twitter in the last couple of weeks. The micro-blogging giant discovered first-hand how powerful their own software is when a script quickly spread across their users’ profiles, delivering messages to thousands of Twitter users almost instantly.
There were two so-called worms that made their way across the “Twitesphere”, spreading like wildfire and creating a huge discussion on the net about topics such as security, validation and of course user data privacy.
This worm hit Twitter with a bang and quickly spread around whilst promoting a website called Stalk Daily, an apparent competitor to Twitter.
This type of exploitation is known as an XSS (Cross-Site Scripting) attack, which means that malicious code is injected into fields that users can enter data into. This meant that every time someone visited the infected profile, the script was able to run and do whatever it was written to do.
This specific worm sent messages to Twitter followers telling them to visit a competitor’s site, as well as spreading the worm on to the profile.
The Mikeyy worm was a bit less “destructive” and more of an irritation. It used the same attack as the StalkerDaily worm, which led to criticism of Twitter and questions about whether they had really fixed the hole found by the previous worm.
The Mikeyy worm updated profiles with messages like “This worm is getting out of hand Twitter. – Mikeyy” and “Twitter, your community is going to be mad at you… – Mikeyy”.
The reason that this happened is pretty simple. The fields that Twitter users could enter information into were not being validated, which allowed the creators of the worms to enter harmful script that would run every time their profile was viewed. Both worms exploited this hole to great effect.
This hole is very common with start-ups and usually ends up with this exact case before the hole is patched up. Apparently Twitter has fixed the problem entirely, but with much difficulty. Twitter assures that no user data was exposed and that all private personal details remained that way, which was a main concern for many Twitter users.
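To make the cause described above concrete, here is an added example (not Twitter's code and not from the original post) that renders a profile page with unvalidated fields and then with output encoding plus a link scheme allow-list. The field names `name`, `bio` and `url`, the function names and the sample profile are all assumptions constructed for illustration.

```javascript
// Added example: field names and the sample profile are constructed, not Twitter's.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value so the browser treats it as text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only http(s) links; any other scheme or a malformed value is dropped.
function safeUrl(value) {
  try {
    const u = new URL(String(value).trim());
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : "";
  } catch {
    return "";
  }
}

// "Before": whatever the user typed is pasted straight into the page,
// so any markup in a field becomes part of the page for every visitor.
function renderProfileUnsafe(p) {
  return `<div class="profile"><h1>${p.name}</h1><p>${p.bio}</p>` +
         `<a href="${p.url}">Web</a></div>`;
}

// "After": every field is encoded for HTML, and the link is validated first.
function renderProfileSafe(p) {
  const url = safeUrl(p.url);
  const link = url ? `<a href="${escapeHtml(url)}" rel="nofollow">Web</a>` : "";
  return `<div class="profile"><h1>${escapeHtml(p.name)}</h1>` +
         `<p>${escapeHtml(p.bio)}</p>${link}</div>`;
}

// Constructed sample profile with markup placed in fields meant for plain text.
const sampleProfile = {
  name: "Example User",
  bio: 'Hello <script src="https://example.invalid/constructed.js"></script>',
  url: "javascript:void(0)",
};

console.log(renderProfileUnsafe(sampleProfile)); // script tag reaches the page intact
console.log(renderProfileSafe(sampleProfile));   // script tag is shown as harmless text
```

With the safe renderer the visitor sees the typed characters on screen instead of the browser executing them, and the non-http link is left out entirely.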
TechCrunch info on Mikeyy and StalkerDaily worms
This was posted by Seagyn Davis who has posted 212 items.