
Twitter: Can it make security a priority?

Twitter has been schooled by a 17-year-old hacker over a generic worm that has plagued the social messaging site.  The big question: Can Twitter take security seriously as it wrestles with uptime issues.
Written by Larry Dignan, Contributor

Dancho Danchev has a nice dissection of Twitter's worm issues. Twitter was hit with at least four variants of the StalkDaily.com XSS worm over the weekend and into Monday (Techmeme). In English, the worm hijacked accounts and advertised the author's Web site. No real damage was done---this time. Next time that worm may deliver a malware payload.

Dancho walks through the history behind how Twitter said it fixed the flaw only to have its pesky 17-year-old, Mikey Mooney, prove it wrong. Dancho's real message is this:

With or without the malicious intent of spreading malware, Mikey’s persistent actions aiming to prove Twitter’s inability to fix the cross site scripting flaws are illegal, and so is the potential compromise of iReel.com for hosting purposes of the JavaScript code. And whereas these campaigns did not introduce malware or try to monetize the traffic by, for instance, installing scareware, different people have different motivations, so instead of waiting for the hardcore cybercriminals to take advantage of such flaws, Twitter should really start treating (trivial) cross site scripting flaws more proactively.

Of course, Twitter should be more proactive on security, but my hopes are extremely low. Why? Twitter can barely keep its own service running. Clearly, when a site is down a lot, security goes to the back burner. After all, what's more important: repeated Fail Whales or Mikey?

As Twitter scales, however, security is going to become a big problem. Twitter better get with the security program pronto.

Also see: Lesser of two security evils: Twitter Web or third-party clients?

How to end the Fail Whales? With Blue Whales.