LOL: Life of Leo: Twitter Hacked

  • Ryan Doherty · 11 months ago
    I see a big ? instead of a Quicktime movie.

    (FF nightly, OSX, Quicktime 7.5.5)
  • ChrisTheFeral · 11 months ago
    It's working for me, but I get that error a lot, outta the blue, even on Apple's website when they embed .movs etc.
  • Ben Werdmuller · 11 months ago
    A lesson for anyone building Internet-accessible applications: make admin security one of your highest priorities. There are ways to make hacker attacks much less likely; now that Twitter have presumably fixed the issue, I'd love to hear the details. It'd surely be useful and interesting to anyone building or running an app, and therefore make everyone's web presences just that little bit safer.
  • Marcus Povey · 11 months ago
    While we're at it, there is a secondary and far more widespread issue here with many of the services in the Twitter ecosystem requiring you to hand over your username and password. Many do so without a second thought, and since people are often lazy with passwords this could lead to much upset.

    Services which require you to hand over the virtual keys to your house to work are always going to be problematic - a possible reason why the Facebook platform has been deprecated.

    Perhaps now is a good time for Twitter to push towards using something like OAuth?
  • SoniaT · 11 months ago
    Remember the 17 year old kid that took down Yahoo? These challenges are candy for hackers http://www.dennismoran.org/media/stacks.msnbc.c...
  • SuzanneSez · 11 months ago
    Holy Moly! That is seriously scary.

    On a similar note, I've seen some of the most popular UStreamers get hacked in the past week. I wonder what is in the air lately?
  • cntrysigns · 11 months ago
    Well, I'm not one of the famous people and my account was hacked too. Not once but twice in 1 day.
  • netik · 11 months ago
    Leo has cut out some of the discussion I had with him here, but, basically, an admin tool was abused allowing a rogue user to modify some accounts on Twitter. As described in our status blog at status.twitter.com, we have modified our site to restrict admin privileges to appropriate users and to prevent the abuse that allowed this attack to occur.

    Please understand that our staff is on the job and we will do all we can to protect our users, and have dedicated a team of engineers to this issue.

    Nice meeting you this evening, Leo.
  • leolaporte · 11 months ago
    I really appreciated your openness, John. It's good to know what actually happened.

    The full conversation is on Qik: http://qik.com/twit#v=813128 (along with other videos of the revelry last night) Our conversation begins about 3 minutes in at the 10:00 mark. It was good meeting you too - sorry about the camera work!!
  • phil campbell · 11 months ago
    It is no different to what people using the Windows operating system have been exposed to over the last few decades - with popularity comes traffic and an urge from those of the dark side of the force to corrupt and get some kind of status kick out of it. It should be expected as a by-product of success.

    Always someone out there wanting you to fall. :)
  • Jonathan · 11 months ago
    Britney Spears' account also got hacked. I read her latest tweet and definitely did a double take. I screen captured it before it disappeared 18 minutes later.
  • Bryan · 11 months ago
    Not to get too far off topic, but....

    When will the rest of us be able to get Qik for our iPhones? Seems like it has been "Coming Soon" for 6 months now...
  • Hoosierguy · 11 months ago
    Wish they would have posted that I got lucky. :-)
  • J.R. Orci · 11 months ago
    Too bad, really. I was psyched that O'Reilly had finally come out...
  • MarcC · 11 months ago
    O'Reilly's membership would be rejected

    we would not want to be associated with him
  • Fred · 11 months ago
    Who's asking the questions? It doesn't sound like Leo's voice
  • My Inventory Management · 11 months ago
    Twitter has been hacked? It's very scary that this happened. The admin area is very sensitive and needs extra security after this. You can learn more about taking good care of admin security after this. Keep up the good job, team Twitter....
  • artanis · 11 months ago
    Twitter broke some very simple security rules: enforce complex passwords (especially for your admin accounts), and lock an account out after a certain number of failed attempts. The hacker used a simple dictionary password attack to break in.

    What I really find deplorable is John's comment that obtaining the hacked users' real e-mail address from a backup would be "very time consuming." I think the very least you'd want to do for your most prominent users is to send them a new password so they can get back on Twitter ASAP. I'd understand if it were the hacked users that chose poor passwords, but it was Twitter's own staff that provided the security hole.