back to article Twitter worm author gets security job

The self-confessed author of the recent Twitter worm has scored a potentially lucrative job doing security analysis and web development work. Michael "Mikeyy" Mooney, a 17 year-old student from Brooklyn, New York, created a worm that exploited cross-site scripting vulnerabilities in a ham-fisted attempt to promote a site he …


This topic is closed for new posts.
  1. Christoph

    So now we know, guys

    Looking for a job in the recession? Now we know how to get one.

  2. Anonymous Coward
    Paris Hilton

    Twitter users

    "Mikeyy didn't just waste the time of thousands of Twitter users..." Erm, weren't they doing that all by themselves anyway?

    Paris... not wasting anyone's time.

  3. Paul Bruneau


    > Mikeyy didn't just waste the time of thousands of Twitter users

    Imagine the losses to the world economy from those Twitter users' time being wasted! The Horror!

  4. Anonymous Coward
    Anonymous Coward

    Worm descrimination

    So a worm that advertises something is ok but one that doesn't is not. My how spam has evolved.

    Now if this 17 year old was ew say in his 40's and had AS and was British, would he of got offered a job I wonder.

    Either way, nice to see some sanity take place, no harm was intended and he stuck his neck out enough to get noticed by a sane person who offered him a job. Albiet semi-advertising `hack a system - get a job` approach, which sadly alot of people try and fail at, things like ew prison, laws etc. But hey an industry that gets to recruit the people who generaly get caught is hardly going to get the best of the best, but still get some good people.

    But hey at 17 (25 yrs ago) I wrote a mainframe worm, harmless, advertised a joke, nobody knew and I got me own job.

  5. Michael

    Pile of dead wood

    "If we all gave up at the first point of contact with a company having security issues, I tend to think the net would be a smoldering pile of dead wood before long."

    You mean it isn't already??

  6. Nicholas Ettel

    The grey line of irresponsibility

    ""Mikeyy didn't just waste the time of thousands of Twitter users - he also put them at considerable risk," said Graham Cluley, senior technology consultant at Sophos. "Imagine if financially-motivated hackers had seen what Mikeyy was doing and used the XSS flaw to steal identities and install malware, as Twitter scrabbled to get the problem fixed."

    "So, Mikeyy proved two things with his worms. One was that there was a problem with Twitter. The other was that Mikeyy Mooney had no problem with acting irresponsibly. He may very well be skilled in some aspects of computing, but there are plenty of other people out there with those skills who have not shown themselves to have such questionable judgment," he added."

    You can argue the sematics of this round and round, but the fact is that if he was as malicious and irresponsible as Mr. Cluley seems to think, then Mikeyy himself would have been using his worm to steal identities, installing malware AND making the supposed financial gain. But he didn't.

    So, was Mikeyy's method of revealing the vulnerability irresponsible? Perhaps. But if he made a sincere effort to warn Twitter of their insecurity and they didn't acknowledge his finding, then his method is certainly more acceptable. There's not a huge difference between what he did, and what happens when people reveal security flaws for the first time at hacker/security conventions -- he just put his find in the wild, instead of in a contained environment. But as he's only 17 and had no professional experience, he didn't have much of a choice.

    All I'm saying is that he probably could have caused a whole lot more damage and strife than what he did. But it seems he consciously chose not to, which shows at least a modicum of sense of responsibility.

  7. adnim


    The lad understands enough about html, Java and the Internet to write a script that spammed his website across Twitter... Clever, I bet he felt smug after that.

    Yet he is not smart enough to secure his own systems. Not so clever, and rather humbling I suspect.

    I wouldn't employ him, I don't need a tea boy anyway.

  8. Anonymous Coward
    Anonymous Coward

    Oopsy daisy!

    That truly was a profound scalping in the link. I almost feel bad for Mikey.

    So once again- remind me not to store my passwords in a plaintext file on my not-so-secure server. Maybe then I can be a L33T hacker like this guy.

  9. Destroy All Monsters Silver badge


    "Travis Rowland, 24, ... is sympathetic to Mooney's situation because he once worked in military intelligence"

    One half-baked twat chasing another, Benny Hill style.

  10. Anonymous Coward
    Anonymous Coward


    "I doubt he still thinks it was worth it," Boyd concludes.

    Go directly to career, do not pass higher education, do collect £200 repeatedly.

  11. Anonymous Coward

    "Security Analysis"

    Does he have any other skill than finding shit |XSS]?

    Like bypassing html obscufactors (I can never spell that)

    Lets just wait until the company he works for gets their databases dumped?

    Damn noobs these days!

  12. Anonymous Coward

    Hmmm I better start writing malicious code then

    I've been looking for a IT security job for months

    Nothing that pays anything half decent in my region of the UK. Sheesh

    All I need to do is write a worm... piece of cake.

    I'll take the one with my coding disks in the pockets

  13. filey


    Never buy any products or deal with

    exqSoft Solutions

    nice to know who the cowboys are

  14. jake Silver badge

    One born every minute.

    Travis Rowland, 24, founder and chief exec of Web applications development firm exqSoft Solutions"

    ::adds another company to the "never do business with" list::

    What IS it with these chowderheads, anyway? You do NOT reward bad behavior, as any nursery school teacher (or good parent) will tell you! I wouldn't hire the brat until he managed to keep a clean nose long enough to get a Masters degree.

    "sympathetic to Mooney's situation because he once worked in military intelligence""

    Oh. That explains lots. The twit thinks working for the .mil is the same as a loner gaming a social networking site. Was Travis born a moron, or does he have to work at it?

    New word time ... pulling a rowland, meaning rewarding a brat for being a brat.

  15. Graham Cluley

    @Nicholas Ettel

    *If* Mikeyy Mooney did make a sincere effort to warn Twitter (quite a big "if" to my mind, as it hasn't been suggested before) and they ignored him then his response should never have been to unleash the worm.

    *If* they had ignored him, a better thing would have been to have gone to a security journalist, demonstrated the flaw to the journo, and allowed the journo (without publishing details of how to reproduce it) to write about it. You can be sure that would get the attention of Twitter's powers-that-be.

    But the fact is that there's no suggestion that Mikeyy has ever contacted Twitter to work out a responsible way of disclosing the flaw. Instead he endangered many innocent Twitter users and disrupted the business.

  16. Graham Cluley

    And guess what the *latest* Mikeyy worm says

    In case anyone missed it, shortly after it was revealed that Mikeyy had been offered this job, a new worm was spreading around Twitter.

    One of its messages?

    "I work for exqSoft Solutions now - - mikeyy"

    Not a good sign. The CEO of exqSoft says he did not ask for the worm to be written and has been unable to contact his latest recruit to ask if he is the originator.

  17. Tails

    Good news for Whacky Jacqui!

    If this joker can get a security job for writing a worm, I reckon it'd be a cakewalk for her to become Prime Minister and also get a Dame Grand Cross too!

  18. webdude
    Thumb Down


    Any business who hires a loser who got caught I want to stay far, far away from.

    Why not hire the guy who didn't get caught?

  19. Kanhef

    Nice scalping

    Demonstrates the problem with strong passwords – it's almost impossible to remember them. They have to be recorded somewhere, and that can be more of a vulnerability than using weak but easy to remember ones.

  20. breakfast Silver badge

    Intriguing misread

    Am I the only person who read "convicted Kiwi botherder " as "convicted Kiwi botherer" ?

    Yes, probably I am...

  21. Anonymous Coward
    Anonymous Coward


    Whats the point in strong passwords if they're stored in one central place with no encryption?

    Talk about missing the point.

  22. Anonymous Coward
    Anonymous Coward

    this kid is a joke

    read more @

    - mx

  23. mx

    mike youre a joke

    and I hope you read this thread

This topic is closed for new posts.

Other stories you might like