The Twitter worm that has been running rampant was the brainchild of a 17-year-old kid from Australia named Pearce Delphin, according to sources at AFP.
The teenager had worked out the flaw that allowed JavaScript code to appear in tweets, and he posted some code which was picked up by hackers and put to malicious use, such as redirecting to a Japanese porn site and relaying garbled window messages. The code spread so easily because, rather than having to click something, people only had to hover over a link to trigger the action.
“I did it merely to see if it could be done … that JavaScript really could be executed within a tweet,” Delphin told AFP. “At the time of posting the tweet, I had no idea it was going to take off how it did. I just hadn't even considered it.”
While this sounds like the overactive mind of an intelligent young man, Twitter was in chaos for about five hours before the bug got stomped. The New York Times reported that Twitter had known about the problem in August and had actually fixed it, though an update not related to last week's redesign had revived the problem.
Twitter issued a statement: “Early this morning, a user noticed the security hole and took advantage of it on Twitter.com. First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. This is why folks are referring to this as an ‘onMouseOver’ flaw – the exploit occurred when someone moused over a link. Other users took this one step further and added code that caused people to retweet the original Tweet without their knowledge.”
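The article does not show the affected code. As an added illustration (not Twitter's code and not from the article), the block below puts a link renderer that fails to escape attribute values next to one that does, and checks the rendered markup for on* event-handler attributes. The function names, the sample post and flag() are constructed for the example.

```javascript
// Added example (not Twitter's code): a hypothetical renderer that turns URLs
// in user-supplied post text into <a> tags.
const URL_RE = /https?:\/\/[^\s<>]+/g;
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Weak form: the matched text goes into the href attribute unescaped, so a
// double quote in the post closes the attribute and what follows is markup.
function linkifyNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened form: everything taken from the post is HTML-escaped before output.
function linkifyHardened(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const u = escapeHtml(m[0]);
    out += escapeHtml(text.slice(last, m.index));
    out += `<a href="${u}" rel="nofollow noopener">${u}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check: names of event-handler attributes (on*) found on any tag.
function eventHandlerAttrs(html) {
  const found = [];
  for (const tag of html.matchAll(/<[a-z][^>]*>/gi)) {
    const attrs = tag[0].replace(/^<[a-z0-9]+/i, '');
    for (const a of attrs.matchAll(/([^\s"'=<>\/]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g)) {
      if (/^on[a-z]+$/i.test(a[1])) found.push(a[1].toLowerCase());
    }
  }
  return found;
}

// Constructed sample post; flag() is a harmless placeholder name.
const SAMPLE = 'see http://example.test/"onmouseover="flag()';
console.log('naive   :', eventHandlerAttrs(linkifyNaive(SAMPLE)));
console.log('hardened:', eventHandlerAttrs(linkifyHardened(SAMPLE)));
```

A check like eventHandlerAttrs suits a regression test on renderer output, which matters here because the article says a fixed bug was revived by a later update.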
KitGuru says: Nothing is more dangerous than a bored teenager.
That guy is my hero… killing twitter with JAVA code (Without even knowing) brilliant!