A 17-year-old Australian who goes by the Twitter handle @zzap says he exposed the cross-site scripting flaw that led to Tuesday’s widespread Twitter worm, dubbed onMouseOver.
Internet services company Netcraft also documents Tuesday's timeline well, noting that "zzap appears to have discovered the vulnerability shortly after seeing RainbowTwtr's colourful use of CSS injection to display the colours of the rainbow."
Also see: 12 CIOs who tweet
The Twitter security breakdown, which Twitter explains in a blog post, was resolved within a few hours and mainly resulted in some experimental and prank worms, such as turning Tweets different colors when a user moused over them. Exploits also redirected some Twitter users to hardware Japanese porn sites and messed with the White House Press Secretary’s account.
Computerworld’s Gregg Keizer reported that one reason the flaw was not apparently exploited by cybercriminals is that user feedback on social networking sites like Twitter helps to ensure a site’s security team gets pretty quick feedback on problems.
Twitter suffered a security issue last year that stemmed from a teen’s tinkering as well: the Mikeyy (also StalkDaily) worm was unleashed by a teenager.
In the end, Twitter apologized to users who may have encountered problems.
Read more about wide area network in Network World's Wide Area Network section.