Australian teen triggers global Twitter scare


But later, some mischievous users of the site started using the exploit to make people “retweet” infected messages (when they hovered over a tweet with the code inserted) that they had not authorised. “I analysed the code within these ‘rainbow tweets’ more carefully, and it became evident that you could use any Javascript or HTML [code] rather than just CSS [code] - which meant that instead of just changing the appearance of the tweet, you could actually execute commands within the user's browser."

He said that after he started noticing the exploit, some of his followers "realised the power" of the vulnerability, "and within a matter of minutes scripts had taken over my [Twitter] timeline". "First, someone created an account that exploited the issue by turning tweets different colors and causing a pop-up box with text to appear when someone hovered over the link in the Tweet. "In all the four years of using Twitter, this is the first time I recall a security hole spreading at the rate it did."

Asked what he had gained from discovering the exploit, he laughed, saying: "Apart from [Twitter] followers?"

More seriously, he added: "I guess I have gained knowledge of how easy information can spread throughout social media networks. Twitter user @judofyr was then the first one to create a self replicating retweet worm by accident, he said, while some New Zealand Twitter users used the vulnerability to create a malevolent worm deliberately. "The effects on the site had it been day time there could have been a lot worse. "I guess regardless of power or fame, on the internet you have to be as careful as everyone else about security risks; this is one of the few areas that affects everyone on an equal scale."

News site Netcraft said it appeared as though Pearce found the exploit by looking at another Twitter page that took advantage of a similar exploit but only changed the colour of Twitter messages. Literally moments after I had tweet[ed] the ... He said it was first discovered by Twitter user @kinugawamasato, who changed the colour of tweets. "Luckily when this vulnerability first got out, it was apparently the middle of the night in North America," he said. He said "theoretically this could be used to maliciously steal users' account details". exploit prior to it being touted in public. Pearce was then the "first person to report the Javascript vulnerability", he said, which made alert boxes appear when users hovered over tweets. But "the problem was being able to write code that can steal usernames and passwords while still remaining under Twitter's 140 character tweet limit", he said. "Other users took this one step further and added code that caused people to retweet the original Tweet without their knowledge."

It said the "vast majority" of exploits related to this incident fell under the "prank or promotional" categories. He said it was Twitter's responsibility, not his, to keep the site secure. However, we are not aware of any issues related to it that would cause harm to computers or their accounts," it said. Twitter engineers were pressed into finding a fix for the exploit within hours of it being discovered. Twitter, which allows users to pepper one another with messages of 140 characters or less, has more than 145 million registered users, co-founder Evan Williams said recently.

The author of this post is on Twitter: @bengrubb

With AFP

Speaking to this website, Pearce, who is studying year 12 at Penleigh and Essendon Grammar School, said that he was surprised that "so many famous people got infected". "Not wanting to get my account banned, since I've been a Twitter user since 2006, I was very careful to the kind of script I posted (unlike some, who were very liberal at posting self replicating worms like @Matsta, who subsequently got their account suspended)," he said. Pearce confirmed this, however, there has been some confusion over who first created certain parts of the exploit. script, I had dozens of replies in shock, questioning how I managed to do that."

Realising this, he said, it got him thinking how hard it would be to extract personal information from a user using the exploit. However, the fact that this vulnerability was omnipresent for hours, with no word from any of the Twitter staff, before it was fixed, meant there was lots of confusion and distress within the Twitter community, as the safety of the site was questioned."

Asked whether he thought it was irresponsible to discover and then tweet the exploit he had found, he said: "The situation could have been handled better if Twitter had been notified of the ... Pearce added that this was "the first time" he had found any kind of exploit on Twitter. Pearce said Twitter "probably could have handled it better" when questioned on its ability to fix the exploit. After a "little bit of coding", he said he "managed to generate a dialog box containing the data from within the Twitter cookie file". "And, there is no need to change passwords because user account information was not compromised through this exploit."

Security expert Graham Cluley of computer security firm Sophos said the bug only affected users of the Twitter.com website and not third-party programs developed to access the popular microblogging service.

Mr Cluley said the bug was allowing messages to pop-up and third-party websites to open in a web browser including links to pornography sites.

He said that Brown's tweets had redirected followers to "a hardcore porn site based in Japan".

"It looks like many users are currently using the flaw for fun and games," Cluley said. "But there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed," he said.

The infected links look like regular "tweets", but contain lines of random computer code or are completely blacked out like a message that has been redacted. "Users may still see strange retweets in their timelines caused by the exploit. "When one considers entities like the White House, you don't expect someone to actually be sitting there refreshing the Twitter home page and mousing over links from whoever they're following," he said. He said he gained an extra 130 followers from tweeting about the exploit.
"However, it is not the job of the user to protect the integrity of a third party site; Twitter ultimately has a responsibility of ensuring its site is safe for its users itself."

Computer security firms said thousands of users, or more, were affected by the exploit.

Those whose accounts were hit included Sarah Brown, the wife of the former British prime minister Gordon Brown, who has more than a million Twitter followers, and White House press secretary Robert Gibbs.

"My Twitter went haywire - absolutely no clue why it sent that message or even what it is ... paging the tech guys," Gibbs wrote on the site.

Twitter said it had identified the attack and that it had been "fully patched". "Early this morning, a user noticed the security hole and took advantage of it on Twitter.com," Twitter said on its blog.

The social network was speedily alerted by a stream of angry tweets. Twitter was the target of a hack, which caused an invasive pop-up to occur.


UPDATE

An Australian teen has caused havoc on Twitter by discovering an "exploit" that hit thousands of users, including US President Barack Obama's press secretary, and resulted in the tweets of a former British PM's wife linking to hardcore porn.

Twitter CEO Evan Williams and Pearce Delphin (@zzap). Illustration: Ben Grubb/wires

Melbourne student Pearce Delphin, 17, triggered the Twitter scare by testing computer code that opened alert boxes in web browsers saying "uh oh" when a user hovered over infected messages or tweets with their mouse.


How is it possible to make a harlequin seem tough? The right combination of rock music, self-assured strutting, parkour, and stabbity, according to this trailer for Assassin’s Creed: Brotherhood‘s multiplayer mode. We thought it was odd that the Harlequin character featured so heavily in this video, since it’s a GameStop pre-order exclusive — and then the GameStop ad kicked in at the end. Oh.

Promotional consideration aside, the trailer is a very stylish look at the game’s multiplayer, which tasks players with spotting assassination targets (other players) in crowds and then successfully ending them using each character’s unique abilities. There are also new character renders and a few new screens, which you can find by sneaking up on our gallery very quietly.


Kill some time with Assassin’s Creed: Brotherhood multiplayer footage originally appeared on Joystiq on Fri, 23 Jul 2010 13:30:00 EST.

Our preview of Hydrophobia from E3 2010 covered what we saw in the first installment of the planned trilogy; however, if you want an idea of what to expect in the next installment, we got a better idea by checking out the game’s “Challenge Rooms,” which unlock only after the player finishes the main campaign. What’s tucked after the break may be considered spoiler-ish, so click on through if you’re willing to take the plunge.


Hydrophobia’s ‘Challenge Rooms’ test powers slated for its sequel originally appeared on Joystiq on Wed, 23 Jun 2010 22:00:00 EST.

Shigeru Miyamoto
Nintendo of America boss Reggie Fils-Aime may be committed to improving the online experience on the Big N’s platforms, but legendary designer and Guy Who Makes Things Happen[TM] at the company, Shigeru Miyamoto, doesn’t seem inclined to exactly reinvent network play with 3DS. “We look at [online] more in terms of what can we do to provide that Nintendo flavor or magic to that community or connection experience,” he told IGN Australia in an E3 interview the site just now found behind its virtual sofa cushions.

“One of the ways that we’re looking at doing that, is the idea of really strengthening the tag mode functionality,” he explained, referring to an “always on” data-sharing feature most famously employed by Dragon Quest IX on DS. “We think that there will be some unique ideas that come out of that, and that it will have a very unique Nintendo flavor to it.” So, not voice chat or friend code-free multiplayer then?

Speaking of exchanging things with other 3DS owners: what of Miis? Already transferable from Wii to current DS titles such as Tomodachi Collection and Personal Trainer: Walking, Miyamoto commented that the pint-sized avatars moving to-and-fro between future platforms is “something that we’re definitely giving consideration to,” and that there’s a desire to “continue to try to allow people to use their Miis on different Nintendo systems going forward.” We can certainly get down with the idea of 3D Miis — or, as we call them, “3Miis.”

Miyamoto on Miis migrating to 3DS, evolving network play on the handheld originally appeared on Joystiq on Wed, 07 Jul 2010 20:30:00 EST.

At E3 2009, we played Nintendo’s Line Attack Heroes, a bizarre action game, designed by Secret of Mana creator Koichi Ishii. In the game, players build a line of allies, which is used to attack enemies. While fun, the simple gameplay and single-screen level design seemed like an experience better fit for WiiWare instead of the proposed disc release.

Surprise! The game has been turned into a WiiWare title, due out next Tuesday (in Japan) for just 1,000 Wii Points. The odd fighter still features cooperative and competitive multiplayer modes, including Battle Royale, Flag Battle and Tag Match. All of these multiplayer game types are demonstrated in video on Nintendo of Japan’s site; though with four small armies running around the tiny rectangular arenas, it’s pretty incomprehensible.

Given its appearance as a retail title at E3 last year, Line Attack Heroes would seem to be a title Nintendo is interested in localizing. It’ll be even easier to do so now that it’s been transitioned to WiiWare.

Nintendo’s ‘Line Attack Heroes’ moves from retail to WiiWare originally appeared on Joystiq on Fri, 23 Jul 2010 16:00:00 EST.

Social media and mobiles require new response to teen cries for help


Seventeen teenagers killed themselves last year, up from 12 in 2008, according to yesterday’s annual report of the NSW Child Death Review Team. Six children called friends using their mobile phones and one wrote a blog, but most teenagers did not know who to contact once they had received such a message, said Megan Mitchell, the NSW commissioner for children and young people. SUICIDE is on the rise among teenagers – and many are choosing mobile phones and social networking sites to alert friends and family to their plans, presenting mental health experts with new challenges.
Two deaths occurred in the context of severe family dysfunction and two of the children had experienced significant school-related difficulties. Six had been diagnosed with a mental illness and three had undiagnosed mental health issues. The team had recommended people be educated to ”identify and respond to warning signs, tipping points and imminent risk factors”, in light of the communication mediums used by children to inform peers of their intention to kill themselves, she said. ”It is clear from the team’s report that kids need greater assistance about how and when to tell others of their concerns for their friends, especially with a changing technological world. It can be challenging for peers and they need to know what to do, who to tell and to be supported to do so,” Ms Mitchell said. The audit found that 12 of the children had experienced enduring difficulties and two had suffered a pivotal life event. Thirteen of the 17 children hanged themselves.

Lifeline 131 114
Kids helpline 1800 551 800

One died by jumping from a high place and three died by lying in front of a car or train.

Preview: Mortal Kombat

While E3 attendees file out of a darkened room after a demonstration of the new Mortal Kombat, series co-creator Ed Boon is approached by a pair of enthusiastic fans. He gladly gives them a few autographs, and his face lights up in surprise when he learns that they’ve grown enamored with the fighting franchise in their 18 years of existence — despite being born well after its inception. Has Mortal Kombat really been around for almost 20 years?

Working from NetherRealm Studios — owned by Mortal Kombat‘s new custodian, Warner Bros. Interactive Entertainment — Ed Boon doesn’t limit his interaction with fans to chance encounters. The upcoming reboot is being driven by three major requests from series fans, which Boon calls his “marching orders.” They’ve suggested a return to the M-rated presentation following 2008’s Mortal Kombat vs. DC Universe (check), a deeper fighting system (check) and, of course, a new set of outrageous fatalities (check out that perforated spleen).

Boon claims that every combatant’s interior, from the soon-to-be-shattered bones to the sickeningly squishy internal organs, has been modeled. It’s not often that you get to literally see an artist’s blood, sweat and tears in a game, but Boon assures me that when attacks find their mark, all “that shit pours out of them.”


Preview: Mortal Kombat originally appeared on Joystiq on Sun, 20 Jun 2010 18:30:00 EST.

Scott Pilgrim vs.

While it’s unlikely Scott Pilgrim vs. the World will be sold out when it launches on the PlayStation Store’s virtual shelves next month, you may still want to pre-order the game. Ubisoft’s official online store is throwing in a special bonus: a free “Sex Bob-omb” t-shirt for your PlayStation Home avatar.

Okay, this may not be the most exciting pre-order bonus ever concocted, but there’s still good reason to be excited. The Ubishop has Scott Pilgrim listed at $9.99, bucking the recent trend of $15 downloads. We definitely approve.

Scott Pilgrim vs. the World price, pre-order bonus announced originally appeared on Joystiq on Sat, 24 Jul 2010 00:20:00 EST.

The Beatles are a tough act to follow. And so, several weeks from the release of Green Day: Rock Band, publisher MTV Games has some promoting to do. MTV Games GM Scott Guthrie recently explained the reasoning behind picking the younger, less “classic rock”-oriented band for its next single-act music game following The Beatles: Rock Band.

“We were pleased with the performance of Beatles: Rock Band, but we were expecting higher sales,” Guthrie said. “Our core audience of 16- to 34-year-old males are much more familiar with Green Day music than The Beatles.” Targeting the core gaming audience with a band active during their lifetimes certainly seems like a sensible business move, though it does signal a move away from the kind of market expansion MTV and Harmonix were attempting with Beatles. However, Guthrie’s suggestion that “Green Day probably has a much higher awareness than perhaps The Beatles did” seems like a stretch. Everyone knows The Beatles.

The clear market advantage that the Green Day game does have is the benefit of being compatible with Rock Band’s existing and ever-growing library, as its tracks are exportable (for a fee) to Xbox 360 and PS3 hard drives and playable in the main iterations of the series. Though Guthrie didn’t say as much, it’s possible Beatles sales suffered because the game was a standalone project, which didn’t mesh well with the Rock Band ethos and its core demographic.

Green Day: Rock Band more familiar to ‘core audience’ than The Beatles, MTV Games says originally appeared on Joystiq on Fri, 14 May 2010 14:30:00 EST.

Wi-Fi hotspots help ferries cater to harbour site-seers

Daniel Brown, 19, of Manly uses free Wi-Fi on the Queenscliff ferry to Manly. Photo: Simon Alekna
”The key to providing Wi-Fi free to consumers is finding somebody who is happy to fund it while at the same time getting something out of it for themselves,” he said. MIMP has put internet-connected systems on government buses in Adelaide and Perth that give passengers not only timetable information and security coverage but Wi-Fi access for laptops. Ruwan Weerasooriya’s company CafeScreen provided the system for Manly Fast Ferries and said the technology’s spread was inevitable. The government will continue to look at ways to extend new services like Wi-Fi to public transport users.”

An Adelaide company is providing a glimpse of the Wi-Fi future for public transport. McDonald’s and small cafes provide most of the free services. ANZ Bank has also gone into Wi-Fi in a big way, helping to fund the government’s Manly Ferry experiment and sponsoring free Wi-Fi hotspots in 100 cafes in the Sydney, Melbourne and Brisbane business districts and at ANZ Stadium’s gold members’ lounge. MIMP Connecting Solutions is testing a bus passenger information service with a spin-off that could revolutionise the use of Wi-Fi in Australia and put the technology into trains, buses, taxis and private cars. NSW has about 1000 Wi-Fi hotspots – most in Sydney. In June Wi-Fi was introduced on Manly ferries for a three-month trial, allowing laptop users to use the internet while sailing to and from the city. Commuters who log on to the system are limited to 20-minute sessions and a download of 50Mb so they do not slow the system for other users. And this month, the government started another pilot program offering commuters Wi-Fi access at Circular Quay station. ”RailCorp is now trialling free Wi-Fi at Circular Quay station and since last week when the trial began about 3000 commuters have accessed the service. ”It would be simple to put into public transport,” Michael Baker of MIMP said. Half are free. With many of Sydney’s cafes, libraries and pubs already offering free or low-cost Wi-Fi access, the state government is joining the party, creating wireless hotspots on train stations and even ferries. IT IS an invisible revolution and it is gaining momentum. ”Until now innovations in IT have been driven by corporations but if consumers demanded this sort of free access to a service, governments would undoubtedly react to what people want.”

The government jumped on the Wi-Fi bandwagon only after Manly Fast Ferries, one of Sydney Ferries’ private rivals on the Sydney-Manly run, began offering internet access in May. The Minister for Transport, John Robertson, said yesterday it had been a huge success with more than 60,000 passengers logging on so far.