Wednesday, September 22, 2010

The geeks who saved Twitter

Posted By on Wed, Sep 22, 2010 at 10:03 AM

OK, "saved" might be a little dramatic, but they did help identify and stop a problem, created by a 17-year-old Australian. It appears the teen was just experimenting, but then hackers pounced and the rest is virtual history.

You may or may not have noticed the "onmouseover" hack yesterday, and if you use a third-party Twitter client (like TweetDeck or HootSuite) you may have only heard about it in passing though your daily deluge of Tweets. Essentially, if you viewed your account on Twitter's website, you may have noticed some Java script or a black box. If you waved your mouse pointer over Tweets with those features, you could have been redirected to a Japanese porn site and your Twitter account may have been briefly hacked with a similar creepy message sent out in your name.

Fortunately, the uber-Techy among us picked up on the problem right away and swooped in to save the day. In the end, the hack was doable thanks to a loophole in Twitter's code. Oops.

Here's more about the hero-geeks:

But hours before the news broke in the U.S., a few select Twitter users in the UK had already been working to stop it from spreading—of course, while playing around with its code.

It was around 11 a.m. UK time (that's 6 a.m. EST and 3 a.m. Twitter HQ Time) -- three hours before Press Secretary Gibbs' sent his chaotic, infected tweet -- when a Quality Assurance (QA) employee named Daniel Bennett, busily testing software in IT, first noticed a strange tweet in his feed. Alongside the code, it read simply: "this could be an issue."

Bennett's not 100 percent sure, but he believes that the individual who sent this tweet was the first person to see the attack—the so-called Patient Zero. "I think [that tweet] was the person that first found it." he told The Daily Beast.

Bennett, 20, kept a close eye on the developing situation -- it wasn't very widespread yet. In fact, as far as he could tell, he was one of only three people in the world who were aware of it.

To confirm the existence of the vulnerability—and explore its potential for disaster—Bennett played around to see how bad this could be. As he tells it, it "turned out very bad."

Using a simple JavaScript command, he drafted a 110-character line of code that, when activated, launched a pop-up box with the message: "I HAX YEW <3." ("I hacked you.")

"That's an ace bug," he said.

Read the rest of this Daily Beast article, by Brian Ries, here.

A video about the hack:

Rhiannon "Rhi" Bowman is an independent journalist who contributes snarky commentary on Creative Loafing's CLog blog four days a week in addition to writing for several other local media organizations. She will be a guest on WFAE's "Charlotte Talks" program Sept. 23rd where she'll discuss coal ash. She'll also be live-Tweeting from TEDxCharlotte Sept. 24. Additionally, she's on the steering committee for the Greater Charlotte Society of Professional Journalists. To learn more, click the links or follow Rhi on Twitter.

Tags: , , , , , , , , , , , ,

Pin It
Submit to Reddit


Subscribe to this thread:

Add a comment

Creative Loafing encourages a healthy discussion on its website from all sides of the conversation, but we reserve the right to delete any comments that detract from that. Violence, racism and personal attacks that go beyond the pale will not be tolerated.

Search Events
items in Creative Loafing Charlotte More in Creative Loafing Charlotte pool

© 2018 Womack Digital, LLC
Powered by Foundation