Twitter had a rough Easter weekend. The little blue bird (and its friend the fail whale) came down with a case of worms this weekend.
Ouch.
From ReadWriteWeb:
Just hours after Twitter began removing the first cross-site scripting vulnerability that hit its site this weekend, a new modified strain has been found, and according to F-Secure, it’s not the last one we’re likely to see over the next few days.
“This is not over. There’s going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don’t view profiles, don’t follow links. It’s beautiful outside, maybe go for a walk instead?” Mikko said on the F-Secure blog earlier today.
According to Breaking News, Mikeyy Mooney, the 17 year-old owner of StalkDaily.com, has reportedly admitted responsibility for yesterday’s attack.
The odd thing was that a complete fix was not the mode of repair but, from all reports the approach was a piecemeal one. Odd. So, variants of the worm were able to propagate simply by obfuscating the code.
Blargh.
The part that amazes me is that the author of the worm put his hand up and said (paraphrase) “my bad”. Um, yeah.
The source code for the worm is published here and has lead to several versions causing trouble.
For the full article read on.
More from Mashable
[tags]Twitter, XSS Worm, Twitter Vulnerability[/tags]