Twitter Vulnerability: Mutating Fast and More on the Way
Just hours after Twitter began removing the first cross-site scripting vulnerability that hit its site this weekend, a new modified strain has been found, and according to F-Secure, it’s not the last one we’re likely to see over the next few days.
“This is not over. There’s going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don’t view profiles, don’t follow links. It’s beautiful outside, maybe go for a walk instead?” Mikko said on the F-Secure blog earlier today.
According to Breaking News, Mikeyy Mooney, the 17 year-old owner of StalkDaily.com, has reportedly admitted responsibility for yesterday’s attack.
“I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.”
