
Twittown Blog - The Unofficial Twitter Community and Forums


How an 18-Year Old Hacked Twitter with a Dictionary
Yesterday

Things were already looking tough for Twitter this week, after last week's phishing scam and a security breach earlier this week that left 33 high-profile Twitter accounts compromised.

Now that details of the hack are surfacing, though, it's looking even more embarrassing.

According to Wired's Threat Level blog, the hacker was an 18-year-old who goes by GMZ, and his weapon of choice was a simple brute-force dictionary hack.

Exploiting lax security protocols, the hacker was able to repeatedly flood Twitter's servers with login attempts using passwords garnered from a simple dictionary file. He didn't even have to go far - the password, as it turns out, ironically, was "happiness."

The details of the rudimentary hack reveal a startling lack of essential security within Twitter's halls, and raise eyebrows about the potential for Twitter to be marketed as an internal collaboration tool for business use. The so-called dictionary hack has been a mainstay of hackers for decades, and the servers should have been configured to recognize the repeated login attempts. A lack of strong password enforcement (ensuring that passwords are complex) and a failure to "lock out" accounts after multiple failed attempts are a breeding ground for would-be hackers and crackers - with a situation like that, it was only a matter of time.
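The two missing controls named above, sketched as an added example (not code from this blog or from Twitter). The thresholds, the `LoginGuard` and `password_allowed` names, and the sample word list are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed: failures tolerated inside the window
WINDOW_SECONDS = 300    # assumed: sliding window for counting failures
LOCKOUT_SECONDS = 900   # assumed: how long a tripped account stays locked

# Constructed sample; a real deployment loads a large common-password list.
COMMON_PASSWORDS = {"password", "happiness", "letmein", "sunshine", "dragon"}


def password_allowed(candidate, min_length=12):
    """Strong-password enforcement: reject short or dictionary passwords."""
    return len(candidate) >= min_length and candidate.lower() not in COMMON_PASSWORDS


class LoginGuard:
    """Counts failed logins per account and locks the account out."""

    def __init__(self, credentials, clock=time.monotonic):
        # Plaintext comparison keeps the demo short; a real system
        # verifies a salted password hash instead.
        self._credentials = credentials
        self._clock = clock
        self._failures = defaultdict(deque)   # account -> failure timestamps
        self._locked_until = {}               # account -> unlock time

    def attempt(self, account, password):
        now = self._clock()
        if self._locked_until.get(account, 0) > now:
            return "locked"                   # refused without checking the password
        recent = self._failures[account]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                  # forget failures outside the window
        if self._credentials.get(account) == password:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()
        return "denied"


def replay(guard, account, guesses):
    """Feed a sequence of login attempts to the guard and collect the outcomes."""
    return [guard.attempt(account, guess) for guess in guesses]
```

With the lockout in place, a correct password submitted after five rapid failures is still refused until the lockout expires, and `password_allowed` would have rejected "happiness" when it was set.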

Perhaps this is a blessing in disguise. Twitt

A Black Eye Mars Twitter's New Year
January 5

It's been a rough start to 2009 for Twitter. The microblogging platform was first slammed this week with a major phishing scam so serious that Twitter posted a warning on every user's main page. Hot on the phishing scam's heels, Twitter's admin tools were hacked, allowing hackers access to 33 high-profile Twitter accounts like US President-elect Barack Obama, CNN's Rick Sanchez and even Britney Spears. Widely reported both within the blogosphere and within popular print media, the two incidents have given Twitter a bit of a black eye, right at the start of the year when the service is, according to co-founder Evan Williams, set to turn a profit.

Definitely not a great way to start a new year, especially for a service that still has yet to present a firm plan for monetization. Still, though, there's a silver lining or two to be found if you look at it just right. For example: the user response to the phishing scam. As widespread as the scam seems to be, the response to the scam in the twittersphere is significantly larger, which I suppose should be rea

The Perils of Twit-Napping
December 29 2008

Mike Butcher wrote today on TechCrunch about the UK Department of Culture, Media and Sports (DCMS) and their apparent inability to adequately grasp the challenge of making the internet child-safe. Although Butcher's arguments are sound, a tiny paragraph at the end of the article raised our collective eyebrow:

Writes Butcher:

"...I have kidnapped Andy Burnham’s name on Twitter (more useful than his lame site), until such time as he’s prepared to sit down and listen to some real feedback about his ideas. Then he can have it back."

Interesting. Although we've read about squatting on Twitter names in the past, Butcher's brazen admission of the act (coupled with the evidence, Butcher's fake Burnham Twitter page) brings this issue into a very public forum - the blogosphere.

Just what is Twit-Napping, or Squitting (as it's also known), anyway? Essentially it's a simple concept - people go onto Twitter and register an account with a famous name - say, for example, Shaquille O’Neal. That's exactly what happened this year to the world-famous basketball player when his sports agency called him to congratulate him on his fan outreach. Problem was, O'Neal hadn't started reaching out - yet. The ballplayer's response to discovering that his name a

See Sociable's Facebook Connect Wordpress Plugin in Action
December 21 2008

Here's a little video courtesy of the folks over at Six Jumps, the team responsible for the Sociable Facebook Connect Plugin for the Wordpress blogging platform. As we mentioned last week, this is one of the first plugins to take advantage of Facebook's new data availability feature, Facebook Connect.


You can see the functionality of this plugin fairly clearly in the video. So far the only remarkable problem with the plugin is that the Facebook Connect box is a fixed width and doesn't expand / contract according to the length of the username - but that seems like a simple fix that'll be right around the corner.

Currently the best Wordpress plugin out there for Facebook Connect integration, this is the app to watch if you want your Wordpress blog users to be able to login with Facebook and post comments to their profiles.



Plugins Bring Facebook Connect to Popular Blogging Platforms
December 18 2008

Since the recent launch of Facebook Connect, Facebook's new data availability feature that lets users link up their Facebook profiles with other websites around the internet, developers have been working overtime.

The result? Facebook's new Facebook Connect Plugin Directory, currently the central repository for Facebook Connect plugins, widgets and applications. As of today the roster of supported platforms includes Movable Type, Wordpress, Discus, MediaWiki and others.

Most of these plugins are quick and easy to install - and enable varying levels of integration. The simplest allow users to log in and comment on blogs and websites using their Facebook IDs, while the more complex plugins, such as Sociable's Facebook Connect Wordpress Plugin, enable more advanced functionality including inviting friends, showing recent visitors, and sharing comments on Facebook.

Our prediction? This is the tip of the iceberg. By the spring we expect to see a Facebook Connect plugin for every major content management system out there. By the summer there'll be a front-runner for each platform, and by this time next year we'll all take it for granted that b