Aussie Student Responsible For Twitter Exploit

bennyboy64 writes "An Australian teen has caused havoc on Twitter by discovering an exploit that hit thousands of users, including Barack Obama's press secretary, and resulted in the tweets of a former British PM's wife linking to hardcore porn, The Sydney Morning Herald reports. Pearce Delphin, who is studying his last year at high school, said that he was surprised that 'so many famous people got infected.'"

What does he have to do with anything?

He neither discovered the exploit (it was on someone else's Twitter page) nor did he create the worm that abused it.

Re:What does he have to do with anything?

bullshit, it has to be true that he discovered the exploit, netcraft confirms it:
http://news.netcraft.com/archives/2010/09/21/twitter-users-fall-victim-to-new-xss-worm.html

Re:What does he have to do with anything?

[jeffmeden]

Reading comprehension fail.

"zzap appears to have discovered the vulnerability shortly after seeing RainbowTwtr's colourful use of CSS injection to display the colours of the rainbow."

He discovered *someone elses* use of the vulnerability. He then went on to make it more publicly known, and finally lamented the evil that was about to descend upon the twitterverse.

Re:What does he have to do with anything?

Correct. The actual exploit was discovered by a Japanese man who also discovered an earlier XSS attack on Twitter's dev servers. This story was manufactured by the Australian media.

"Responsible"

[iONiUM]

The summary kind of makes it sound like he's a kid who was looking for exploits and then used it to make a virus. This doesn't seem to be the case at all. According to the TFA he saw some people using CSS in their twitter posts, and wondered if he could use HTML/JavaScript (as I would be too). He found he could, did some experimenting, and his followers then started doing it too and it went viral (the idea), and then some malicious people found it, and went viral (the code).

I assume no punishment is being leveraged against him, but I'm sure many will misunderstand what happened and call for it anyways. Curiosity should be encouraged.

Not exactly

[Shyfer]

The article says he is the one that discovered the exploit, but he did not create the script that made 'tweets of a former British PM's wife linking to hardcore porn'. Just to clarify.

Re:What I liked

[conspirator57]

would you prefer it hadn't been found and exposed so it can be fixed?

or would you prefer that unknown criminals were the ones exploiting it fraudulently?

because with a latent bug like this, those are the choices.

Re:Virus or exploit

[hedwards]

Actually, cheese is OK in general for vegetarians. Chicken is never OK for a genuine vegetarian, and the term for somebody that only eats meat in the form of seafood would be a Pescetarian. But since many people are familiar with the term, a lot of them refer to themselves as vegetarian anyways.

Danish newspapers claims Norwegian boy did it

[FreakCERS]

According to this article http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=da&tl=en&u=http%3A%2F%2Fpolitiken.dk%2Ftjek%2Fdigitalt%2F1065381%2Fnorsk-dreng-fik-twitter-i-knae%2F (google translated) it was a Norwegian boy who discovered the bug. Not that it really matters, I suppose...

Re:Got a great career ahead of him

[Cwix]

He made a script that changed CSS, someone else used it for bad purposes. Hes not lucky, hes just a kid playing with computers that stumbled into something.

Re:who's responsible?

[reiisi]

Hmm.

Do you have what we in Texas call a drivers' license?

If you do, do you remember, in your first year or so of driving any stupid mistakes you made just because of your lack of experience?

Do you have you own home server exposed to the 'net? Have you scanned it with the vulnerability scanners available?

And so forth, without even trying to approach the damping effect on free speech that you are suggesting.