Twitter: Can it make security a priority?
Twitter has been schooled by a 17-year-old hacker over a generic worm that has plagued the social messaging site. The big question: Can Twitter take security seriously as it wrestles with uptime issues?
Dancho Danchev has a nice dissection of Twitter's worm issues. Twitter was hit![twitterstalkdailyxssworm1.jpg](https://www.zdnet.com/a/img/2014/10/04/388de0ac-4bbf-11e4-b6a0-d4ae52e95e57/twitterstalkdailyxssworm1.jpg)
With or without the malicious intent of spreading malware, Mikey’s persistent actions aiming to prove Twitter’s inability to fix the cross site scripting flaws are illegal, and so is the potential compromise of iReel.com for hosting purposes of the JavaScript code. And whereas these campaigns did not introduce malware or try to monetize the traffic by for instance installing scareware, different people have different motivations, so instead of waiting for the hardcore cybercriminals to take advantage of such flaws, Twitter should really start treating (trivial) cross site scripting flaws more proactively.
Of course, Twitter should be more proactive on security, but my hopes are extremely low. Why? Twitter can barely keep its own service running. Clearly, when a site is down a lot, security goes to the back burner. After all, what's more important: Repeated Fail Whales or Mikey?
As Twitter scales, however, security is going to become a big problem. Twitter better get with the security program pronto.
Also see: Lesser of two security evils: Twitter Web or third-party clients?