Léoville - Latest Comments in Twitter Hacked

Re: Twitter Hacked

MarcC — Wed, 21 Jan 2009 17:22:37 -0000

O'Reilly's membership would be rejected

we would not want to be associated with him

Re: Twitter Hacked

artanis — Fri, 09 Jan 2009 08:20:45 -0000

Twitter broke some very simple security rules: enforce complex passwords (especially for your admin accounts), and lock an account out after a certain number of failed attempts. The hacker used a simple dictionary password attack to break in.

What I really find deplorable is John's comment that obtaining the hacked users' real e-mail address from a backup would be "very time consuming." I think the very least you'd want to do for your most prominent users is to send them a new password so they can get back on Twitter ASAP. I'd understand if it were the hacked users that chose poor passwords, but it was Twitter's own staff that provided the security hole.

Re: Twitter Hacked

My Inventory Management — Wed, 07 Jan 2009 20:14:17 -0000

twitter been hacked? very scary about that thing happen. admin area is very sensitive and need to give an extra security after this. you can learn more to get a good care about security admin after this. keep it a good job team twitter....

Re: Twitter Hacked

ulricr — Tue, 06 Jan 2009 20:54:44 -0000

Who's asking the questions? It doesn't sound like Leo's voice

Re: Twitter Hacked

J.R. Orci — Tue, 06 Jan 2009 19:43:31 -0000

Too bad, really. I was psyched that O'reilly had finally come out...

Re: Twitter Hacked

Hoosierguy — Tue, 06 Jan 2009 15:56:39 -0000

Wish they would have posted that I got lucky. :-)

Re: Twitter Hacked

Marcus Povey — Tue, 06 Jan 2009 14:56:40 -0000

While we're at it, there is a secondary and far more widespread issue here with many of the services in the twitter ecosystem requiring you to hand over your username and password. Many do so without a second thought, and since people are often lazy with passwords this could lead to much upset.

Services which require you to hand over the virtual keys to your house to work are always going to be problematic - a possibly reason why the facebook platform has been deprecated.

Perhaps now is a good time for twitter to push towards using something like OAuth?

Re: Twitter Hacked

Bryan — Tue, 06 Jan 2009 10:33:21 -0000

Not to get too far off topic, but....

When will the rest of us be able to get Qik for our iPhones. Seems like it has been "Coming Soon" for 6 months now...

Re: Twitter Hacked

ChrisTheFeral — Tue, 06 Jan 2009 10:09:49 -0000

It's working for me, but I get that error a lot, outta the blue, even on apples website when they embed .movs etc.

Re: Twitter Hacked

leolaporte — Tue, 06 Jan 2009 09:01:17 -0000

I really appreciated your openess, John. It's good to know what actually happened.

The full conversation is on Qik: http://qik.com/twit#v=813128 (along with other videos of the revelry last night) Our conversation begins about 3 minutes in at the 10:00 mark. It was good meeting you too - sorry about the camera work!!

Re: Twitter Hacked

Jonathan — Tue, 06 Jan 2009 08:59:12 -0000

Britney Spears' account also got hacked. I read her latest tweet and definately did a double take. I screen captured it before it dissapeared 18 minutes later.

Re: Twitter Hacked

phil campbell — Tue, 06 Jan 2009 08:35:45 -0000

it is no different to what people using windows operating system have been exposed to over the last few decades - with popularity comes traffic and an urge from those of the dark side of the force to corrupt and get some kind of status kick out of it. it should be expected as a by product of success.

Always someone out there wanting you to fall. :)

Re: Twitter Hacked

netik — Tue, 06 Jan 2009 03:16:39 -0000

Leo has cut out some of the discussion I had with him here, but, basically, an admin tool was abused allowing a rogue user to modify some accounts on Twitter. As described in our status blog at status.twitter.com, we have modified our site to restrict admin privileges to appropriate users and to prevent the abuse that allowed this attack to occur.

Please understand that our staff is on the job and we will do all we can to protect our users, and have dedicated a team of engineers to this issue.

Nice meeting you this evening, Leo.

Re: Twitter Hacked

cntrysigns — Tue, 06 Jan 2009 03:03:22 -0000

Well, I'm not one of the famous people and my account was hacked too. Not once but twice in 1 day.

Re: Twitter Hacked

SuzannadannaTARDIS — Tue, 06 Jan 2009 03:01:11 -0000

Holy Moly! That is seriously scary.

On a similar note, I've seen some of the most popular UStreamers get hacked in the past week. I wonder what is in the air lately?

Re: Twitter Hacked

SoniaT — Tue, 06 Jan 2009 02:54:04 -0000

Remember the 17 year old kid that took down Yahoo? These challenges are candy for hackers http://www.dennismoran.org/...

Re: Twitter Hacked

Ben Werdmuller — Tue, 06 Jan 2009 02:30:46 -0000

A lesson for anyone building Internet-accessible applications: make admin security one of your highest priorities. There are ways to make hacker attacks much less likely; now that Twitter have presumably fixed the issue, I'd love to hear the details. It'd surely be useful and interesting to anyone building or running an app, and therefore make everyone's web presences just that little bit safer.

Re: Twitter Hacked

Ryan Doherty — Tue, 06 Jan 2009 02:03:31 -0000

I see a big ? instead of a Quicktime movie.

(FF nightly, OSX, Quicktime 7.5.5)