Aussie teen claims credit for Twitter attacks

A Melbourne teenager has flagged a Twitter vulnerability that led to overnight attacks on what security advisers say could be half a million users.

High School student Pearce Delphin discovered the cross-site scripting (XSS) flaw following user RainbowTwtr's demonstration of a similar vulnerability, which was used to modify the Twitter background. RainbowTwtr exploited the XSS vulnerability to change the profile background picture to a rainbow colour, and tweeted the script in an update. The code was quickly re-tweeted by hundreds of users.

Delphin inserted a mouse-over field containing JavaScript, and the phrase "uh oh" into a script similar to that used by RainbowTwtr. The phrase then appeared as a pop-up message when the mouse pointer hovered over the code. In a email, Delphin said he also created a script that would display a user'sTwitter cookie that includes private information.

For more of this story, read Melbourne teen behind Twitter attacks on ZDNet Australia.