So now we know, guys
Looking for a job in the recession? Now we know how to get one.
The self-confessed author of the recent Twitter worm has scored a potentially lucrative job doing security analysis and web development work. Michael "Mikeyy" Mooney, a 17 year-old student from Brooklyn, New York, created a worm that exploited cross-site scripting vulnerabilities in a ham-fisted attempt to promote a site he …
So a worm that advertises something is ok but one that doesn't is not. My how spam has evolved.
Now if this 17 year old was ew say in his 40's and had AS and was British, would he of got offered a job I wonder.
Either way, nice to see some sanity take place, no harm was intended and he stuck his neck out enough to get noticed by a sane person who offered him a job. Albiet semi-advertising `hack a system - get a job` approach, which sadly alot of people try and fail at, things like ew prison, laws etc. But hey an industry that gets to recruit the people who generaly get caught is hardly going to get the best of the best, but still get some good people.
But hey at 17 (25 yrs ago) I wrote a mainframe worm, harmless, advertised a joke, nobody knew and I got me own job.
""Mikeyy didn't just waste the time of thousands of Twitter users - he also put them at considerable risk," said Graham Cluley, senior technology consultant at Sophos. "Imagine if financially-motivated hackers had seen what Mikeyy was doing and used the XSS flaw to steal identities and install malware, as Twitter scrabbled to get the problem fixed."
"So, Mikeyy proved two things with his worms. One was that there was a problem with Twitter. The other was that Mikeyy Mooney had no problem with acting irresponsibly. He may very well be skilled in some aspects of computing, but there are plenty of other people out there with those skills who have not shown themselves to have such questionable judgment," he added."
You can argue the sematics of this round and round, but the fact is that if he was as malicious and irresponsible as Mr. Cluley seems to think, then Mikeyy himself would have been using his worm to steal identities, installing malware AND making the supposed financial gain. But he didn't.
So, was Mikeyy's method of revealing the vulnerability irresponsible? Perhaps. But if he made a sincere effort to warn Twitter of their insecurity and they didn't acknowledge his finding, then his method is certainly more acceptable. There's not a huge difference between what he did, and what happens when people reveal security flaws for the first time at hacker/security conventions -- he just put his find in the wild, instead of in a contained environment. But as he's only 17 and had no professional experience, he didn't have much of a choice.
All I'm saying is that he probably could have caused a whole lot more damage and strife than what he did. But it seems he consciously chose not to, which shows at least a modicum of sense of responsibility.
The lad understands enough about html, Java and the Internet to write a script that spammed his website across Twitter... Clever, I bet he felt smug after that.
Yet he is not smart enough to secure his own systems. Not so clever, and rather humbling I suspect.
I wouldn't employ him, I don't need a tea boy anyway.
Travis Rowland, 24, founder and chief exec of Web applications development firm exqSoft Solutions"
::adds another company to the "never do business with" list::
What IS it with these chowderheads, anyway? You do NOT reward bad behavior, as any nursery school teacher (or good parent) will tell you! I wouldn't hire the brat until he managed to keep a clean nose long enough to get a Masters degree.
"sympathetic to Mooney's situation because he once worked in military intelligence""
Oh. That explains lots. The twit thinks working for the .mil is the same as a loner gaming a social networking site. Was Travis born a moron, or does he have to work at it?
New word time ... pulling a rowland, meaning rewarding a brat for being a brat.
*If* Mikeyy Mooney did make a sincere effort to warn Twitter (quite a big "if" to my mind, as it hasn't been suggested before) and they ignored him then his response should never have been to unleash the worm.
*If* they had ignored him, a better thing would have been to have gone to a security journalist, demonstrated the flaw to the journo, and allowed the journo (without publishing details of how to reproduce it) to write about it. You can be sure that would get the attention of Twitter's powers-that-be.
But the fact is that there's no suggestion that Mikeyy has ever contacted Twitter to work out a responsible way of disclosing the flaw. Instead he endangered many innocent Twitter users and disrupted the business.
In case anyone missed it, shortly after it was revealed that Mikeyy had been offered this job, a new worm was spreading around Twitter.
One of its messages?
"I work for exqSoft Solutions now - http://www.exqsoft.com/ - mikeyy"
Not a good sign. The CEO of exqSoft says he did not ask for the worm to be written and has been unable to contact his latest recruit to ask if he is the originator.
http://www.sophos.com/blogs/gc/g/2009/04/17/mikeyy-worm-targets-oprah-york-times/