[Update] Title changed
Although the one variant which British ex-prime minister’s wife Sarah Brown distributed pointed Japanese porn site, Japanese Twitter users seemed to catch scripts which are rather harmless, “Rainbow Twitter”, “Konnichiha Konnichiha”, etc. worms. So Japanese Twitter users could notice the issue without trapping their followers in serious way and could avoid using Twitter.com website and few Twitter clients which have the same vulnerability.
The “Rainbow Twitter”(@RainbowTwtr, now it is safe to visit as Twitter fixed it.), which was claimed to be started by a Japanese blogger @kinugawamasato, who tweeted that he is the person who had reported this vulnerability “XSS-after-@” issues to Twitter on August 14th.
The colour-changing tweets were posted around 4:37 p.m. Japan Standard Time. (12:37 a.m. PST) [link]
He wrote “This issue is critical but Twitter had not fixed it for long, in addition, Twitter themselves has been showing their low-awareness to it by leaving this vulnerability. So I decided to show the rainbows, by thinking it is better to let them recognize the gravity of the situation and take countermeasure than the security hole maliciously and secretly used.”
I have not confirmed if this @kinugawamasato’s warning script was the first one among the all different scripts stormed Twitter.
He also tweeted “The issue is being recognized now because distributed in shocking way, but the vulnerability has been there regardless I stated or not. I would like to ask Twitter why they had not fixed urgently before it was widely spread. There were people who noticed the test page.”
What he pointed above is a page on github, source-code hosting service. There Matt Sanford publicized the test code which can cause the same color-change on Twitter on August 25th.
The “Konnichiha Konnichiha”(“Hello, hello” in Japanese) worm was done by @Hamachiya2, who is known to play on XSS security hole with that phrase on many web services including Mixi and Hatena. He seemed to see the Rainbow Twtr and soon tweeted his version.
Also, variant drawing Hatsune Miku seemed widely spread in Japanese twittersphere. The movie is here,
Please install the Flash Player
Latest posts by Akky Akimoto (see all)
- Chromebook Finally Comes For Japanese Consumers - November 11, 2014
- Japanese Legal Advice Service Bengo4.com To Go IPO - November 7, 2014
- Japanese Crowdsource Service Crowdworks To Go IPO - November 7, 2014
- Yahoo! Japan Reportedly Ends The Tie With Kakao Japan - November 7, 2014
- Google Agreed To Remove 122 Items By Court Order - October 23, 2014