This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 10 °C Saturday 8 August, 2020

Australian teen to blame for Twitter's JavaScript meltdown

A 17-year-old Australian whizkid was to blame for the ‘onMouseOver’ issues that plagued the microblogging site.

Image: @zzap

A 17-YEAR-OLD Australian boy is being blamed for uncovering the Twitter flaw which yesterday saw the site go into virtual meltdown as rogue programmers discovered a way to make users continually retweet blocks of black text.

Pearse Delphin, a self-described “deontological libertarian from Melbourne, Australia” has been credited with discovering the flaw, posting the code to the site and demonstrating how it could be used for ill-effect.

The tweet tricked the site into converting JavaScript code into a legitimate hyperlink, complete with attributes which (when activated by hovering the mouse over it) triggered a pop-up box saying “Uh oh”.


It is understood that, having tweeted to say “No one tell [notorious online messageboard] 4chan about this, ok guys?”, several of 4chan’s users adapted the code so that anyone hovering over their tweets would be instantly redirected to a YouTube video of Rick Astley’s ‘Never Gonna Give You Up’.

The tweet was then adapted in the manner seen by most yesterday – to conceal its hidden message, retweeting itself, with black boxes.

Twitter has said that it had uncovered the problem itself in August and had moved to plug the security hole, but a recent update to its side (separate, it insisted, to the introduction of the so-called ‘New Twitter‘ interface) had unwittingly re-exposed the flaw.

Delphin has told news agency AFP that he posted the maliciously-used code “merely to see if it could be done … that JavaScript really could be executed within a tweet.

“I discovered a vulnerability, I didn’t create a self-replicating worm. As far as I know, that isn’t technically illegal.”

He has also tweeted an apology, saying: “I’ll say sorry, but I’m not taking off my glasses.”

For the benefit of his new Twitter followers, he has since tweeted: “Is this the point where I mention I need a job? I’m just a poor boy, no body loves me … except for the media.”

  • Share on Facebook
  • Email this article

About the author:

Gavan Reilly

Read next: