Feeds

back to article Twitter worm author gets security job

The self-confessed author of the recent Twitter worm has scored a potentially lucrative job doing security analysis and web development work. Michael "Mikeyy" Mooney, a 17 year-old student from Brooklyn, New York, created a worm that exploited cross-site scripting vulnerabilities in a ham-fisted attempt to promote a site he ran …

COMMENTS

This topic is closed for new posts.
Silver badge

So now we know, guys

Looking for a job in the recession? Now we know how to get one.

0
0
Paris Hilton

Twitter users

"Mikeyy didn't just waste the time of thousands of Twitter users..." Erm, weren't they doing that all by themselves anyway?

Paris... not wasting anyone's time.

0
0

Redundant

> Mikeyy didn't just waste the time of thousands of Twitter users

Imagine the losses to the world economy from those Twitter users' time being wasted! The Horror!

0
0
Anonymous Coward

Worm descrimination

So a worm that advertises something is ok but one that doesn't is not. My how spam has evolved.

Now if this 17 year old was ew say in his 40's and had AS and was British, would he of got offered a job I wonder.

Either way, nice to see some sanity take place, no harm was intended and he stuck his neck out enough to get noticed by a sane person who offered him a job. Albiet semi-advertising `hack a system - get a job` approach, which sadly alot of people try and fail at, things like ew prison, laws etc. But hey an industry that gets to recruit the people who generaly get caught is hardly going to get the best of the best, but still get some good people.

But hey at 17 (25 yrs ago) I wrote a mainframe worm, harmless, advertised a joke, nobody knew and I got me own job.

0
0

Pile of dead wood

"If we all gave up at the first point of contact with a company having security issues, I tend to think the net would be a smoldering pile of dead wood before long."

You mean it isn't already??

0
0
Stop

The grey line of irresponsibility

""Mikeyy didn't just waste the time of thousands of Twitter users - he also put them at considerable risk," said Graham Cluley, senior technology consultant at Sophos. "Imagine if financially-motivated hackers had seen what Mikeyy was doing and used the XSS flaw to steal identities and install malware, as Twitter scrabbled to get the problem fixed."

"So, Mikeyy proved two things with his worms. One was that there was a problem with Twitter. The other was that Mikeyy Mooney had no problem with acting irresponsibly. He may very well be skilled in some aspects of computing, but there are plenty of other people out there with those skills who have not shown themselves to have such questionable judgment," he added."

You can argue the sematics of this round and round, but the fact is that if he was as malicious and irresponsible as Mr. Cluley seems to think, then Mikeyy himself would have been using his worm to steal identities, installing malware AND making the supposed financial gain. But he didn't.

So, was Mikeyy's method of revealing the vulnerability irresponsible? Perhaps. But if he made a sincere effort to warn Twitter of their insecurity and they didn't acknowledge his finding, then his method is certainly more acceptable. There's not a huge difference between what he did, and what happens when people reveal security flaws for the first time at hacker/security conventions -- he just put his find in the wild, instead of in a contained environment. But as he's only 17 and had no professional experience, he didn't have much of a choice.

All I'm saying is that he probably could have caused a whole lot more damage and strife than what he did. But it seems he consciously chose not to, which shows at least a modicum of sense of responsibility.

0
0
Bronze badge

Interesting

The lad understands enough about html, Java and the Internet to write a script that spammed his website across Twitter... Clever, I bet he felt smug after that.

Yet he is not smart enough to secure his own systems. Not so clever, and rather humbling I suspect.

I wouldn't employ him, I don't need a tea boy anyway.

0
0
Anonymous Coward

Oopsy daisy!

That truly was a profound scalping in the seclists.org link. I almost feel bad for Mikey.

So once again- remind me not to store my passwords in a plaintext file on my not-so-secure server. Maybe then I can be a L33T hacker like this guy.

0
0
Silver badge
Flame

facepalm.jpg

"Travis Rowland, 24, ... is sympathetic to Mooney's situation because he once worked in military intelligence"

One half-baked twat chasing another, Benny Hill style.

0
0
Anonymous Coward

Title

"I doubt he still thinks it was worth it," Boyd concludes.

Go directly to career, do not pass higher education, do collect £200 repeatedly.

0
0
Coat

"Security Analysis"

Does he have any other skill than finding shit |XSS]?

Like bypassing html obscufactors (I can never spell that)

Lets just wait until the company he works for gets their databases dumped?

Damn noobs these days!

0
0
Coat

Hmmm I better start writing malicious code then

I've been looking for a IT security job for months

Nothing that pays anything half decent in my region of the UK. Sheesh

All I need to do is write a worm... piece of cake.

I'll take the one with my coding disks in the pockets

0
0
Pirate

remember

Never buy any products or deal with

exqSoft Solutions

nice to know who the cowboys are

0
0
Silver badge

One born every minute.

Travis Rowland, 24, founder and chief exec of Web applications development firm exqSoft Solutions"

::adds another company to the "never do business with" list::

What IS it with these chowderheads, anyway? You do NOT reward bad behavior, as any nursery school teacher (or good parent) will tell you! I wouldn't hire the brat until he managed to keep a clean nose long enough to get a Masters degree.

"sympathetic to Mooney's situation because he once worked in military intelligence""

Oh. That explains lots. The twit thinks working for the .mil is the same as a loner gaming a social networking site. Was Travis born a moron, or does he have to work at it?

New word time ... pulling a rowland, meaning rewarding a brat for being a brat.

0
0

@Nicholas Ettel

*If* Mikeyy Mooney did make a sincere effort to warn Twitter (quite a big "if" to my mind, as it hasn't been suggested before) and they ignored him then his response should never have been to unleash the worm.

*If* they had ignored him, a better thing would have been to have gone to a security journalist, demonstrated the flaw to the journo, and allowed the journo (without publishing details of how to reproduce it) to write about it. You can be sure that would get the attention of Twitter's powers-that-be.

But the fact is that there's no suggestion that Mikeyy has ever contacted Twitter to work out a responsible way of disclosing the flaw. Instead he endangered many innocent Twitter users and disrupted the business.

0
0
Alert

And guess what the *latest* Mikeyy worm says

In case anyone missed it, shortly after it was revealed that Mikeyy had been offered this job, a new worm was spreading around Twitter.

One of its messages?

"I work for exqSoft Solutions now - http://www.exqsoft.com/ - mikeyy"

Not a good sign. The CEO of exqSoft says he did not ask for the worm to be written and has been unable to contact his latest recruit to ask if he is the originator.

http://www.sophos.com/blogs/gc/g/2009/04/17/mikeyy-worm-targets-oprah-york-times/

0
0
Joke

Good news for Whacky Jacqui!

If this joker can get a security job for writing a worm, I reckon it'd be a cakewalk for her to become Prime Minister and also get a Dame Grand Cross too!

0
0
Thumb Down

Loser!

Any business who hires a loser who got caught I want to stay far, far away from.

Why not hire the guy who didn't get caught?

0
0

Nice scalping

Demonstrates the problem with strong passwords – it's almost impossible to remember them. They have to be recorded somewhere, and that can be more of a vulnerability than using weak but easy to remember ones.

0
0
Bronze badge
Happy

Intriguing misread

Am I the only person who read "convicted Kiwi botherder " as "convicted Kiwi botherer" ?

Yes, probably I am...

0
0
Anonymous Coward

Hahahaha

Whats the point in strong passwords if they're stored in one central place with no encryption?

Talk about missing the point.

0
0
Anonymous Coward

this kid is a joke

read more @ http://digitalgangster.com/4um/showthread.php?t=89949

- mx

0
0
mx

mike youre a joke

and I hope you read this thread

http://digitalgangster.com/4um/showthread.php?t=89949

0
0
This topic is closed for new posts.