Sigh.

I wrote another article on Dave Naylor’s blog about the XSS exploit I found yesterday. It seems they’ve made a pretty amateurish attempt to fix the issue, completely missing the massive problem staring them in the face. It seems to be picking up a bit more traction today – I’ve even been quoted by TechCrunch! It’s a bit strange reading my own words back at me in the context of someone else’s article. Neat.

I had the opportunity (probably) to take down Twitter today. Or at least stir up a whole lot of trouble. I really can’t believe I’m the first person to think of it, but I’m pretty sure it would have worked!

Because I’m a nice guy – and not at all grudgingly, honest – we’re holding off on publishing the details until someone from Twitter gets back to us. Maybe they can give me one of those neat “Verified Account” badges to say thankyou?

Edit: As you probably know if you’re reading this, the details got published.