Pearce Delphin, whose Twitter account is @zzap, admitted to posting a Javascript function in a tweet which was then recoded by hackers. The bug affected thousands of Twitter users over a five-hour span including White House Press Secretary Robert Gibbs' feed.
"I did it merely to see if it could be done ... that JavaScript really could be executed within a tweet," Delphin told AFP via email. "At the time of posting the tweet, I had no idea it was going to take off how it did. I just hadn't even considered it."
Luckily, hackers used the code mainly for pranks but according to Delphin, the code could have been exploited to steal user account information.
"The problem was being able to write the code that can steal usernames and passwords while still remaining under Twitter's 140 character tweet limit," he said. "Luckily, no one, as far as Twitter admits, actually used this to extract passwords from users."
No comments:
Post a Comment