Announcement

**b0n3z** · May 1, 2009, 17:10

Re: Twitter hacked again

Originally posted by xor View Post

Drexel didn't, my school e-mail account got hacked for SPAM purposes even with a password that contained letters and numbers. xor

not surprising necessarily....but still wouldn't you want to at least TRY to stop hackers?

what a day and age we live in...

**xor** · May 1, 2009, 17:23

Re: Twitter hacked again

Originally posted by b0n3z View Post

not surprising necessarily....but still wouldn't you want to at least TRY to stop hackers?

what a day and age we live in...

Stop hackers!!! there's no stopping us, didn't you know that.

We can launch nuclear missiles over the phone with a Captain Crunch kazoo.

Yes I couldn't agree with you more. Someone needs to be watching the store. Vigilance perhaps above all things is a security professional greatest tool.

xor

**b0n3z** · May 1, 2009, 17:26

Re: Twitter hacked again

Originally posted by xor View Post

Stop hackers!!! there's no stopping us, didn't you know that.

We can launch nuclear missiles over the phone with a Captain Crunch kazoo. xor

damnit, I forgot my kazoo!!!

I brought the launch codes and the cheetos though!

**Thorn** · May 1, 2009, 17:33

Re: Twitter hacked again

Originally posted by streaker69 View Post

I tell my users that if they forget their password to come to me and I'll change it to something that's easy to remember like: I'madumbassandican'tremembermypassword

Actually, that's the kind of password that I suggest to my client's users. Take a phrase that is familiar to them from a hobby, book, or favorite line from TV or movie. Run it all together, and throw in a few numbers or other characters.

That gives them something that is complex, yet they should able to recall relatively easily.

A couple of examples, from a Casablanca fan:

r1cksCAFEamerican
Every1Comes2Ricks
M4jorStr4sserHasBeenSh0t&RoundUpTheUsualSuspects
Louis1ThinkThisIsTheBeginningOfABe4utifulFriend-ship

I doesn't always work though, as I still find Post-It notes with passwords under keyboards.

Originally posted by noid View Post

or you can just mash up racial slurs and obscenities, toss in a few extended characters, and wah-lah..fun for the whole family (and possibly your HR department)..

Anything that gives HR people ulcers can't be all bad.

**b0n3z** · May 1, 2009, 17:39

Re: Twitter hacked again

Originally posted by Thorn View Post

Louis1ThinkThisIsTheBeginningOfABe4utifulFriend-ship

Superman?

And if it is that should be Lois...

**Thorn** · May 1, 2009, 17:48

Re: Twitter hacked again

Originally posted by b0n3z View Post

Superman?

And if it is that should be Lois...

Nope, it's the exit line from Casablanca: Rick Blane (Humphrey Bogart) says it to Prefect of Police Louis Renault (Claude Rains): "Louis, I think this is the beginning of a beautiful friendship."

Louis is French, and it is pronounce "loo ee".

**b0n3z** · May 1, 2009, 17:55

Re: Twitter hacked again

OHHHHH.....

my age is showing cause I've still never seen that movie....

xP

**the-Jaku** · May 1, 2009, 23:38

Re: Twitter hacked again

to bad about the ahi encontre jajaj It must Twiker a gymnast I'm The-Jakue because I am Latino and I hope to learn from you and you learn from me. .

**valanx** · May 2, 2009, 11:07

Re: Twitter hacked again

Originally posted by b0n3z View Post

Superman?

And if it is that should be Lois...

sigh..

So in mentioning superman, it reminded me that the last time I ran a DoD audit about 12% of the passwords were some form of "superman". Strangely, nobody had a password called "overbearingego" or "napoleoncomplex".

But that was a few years ago, maybe they have moved on to transformers underwear now.

**Thsyrus** · May 2, 2009, 14:28

Re: Twitter hacked again

Passwords are a problem people try to tackle from the wrong place. You can force people to do all sorts of god awful things to make it "more secure" but you will find that people will just find another way of compromising their security. I think the situation needs to be tackled on 2 fronts.

Firstly making sure techs don't do stupid things. Max password limits of 8? Fuck off (note: sorry for swearing but this is a stupid limit), its 2009 and we only have the computing capacity to handle the computation of 8 character passwords?

Secondly I do think good password creation should be taught in schools. I did a general computing course in school and it taught me endless useless things that I will never need but we can't add a module on good security practices and passwords creation?

**barry99705** · May 2, 2009, 16:57

Re: Twitter hacked again

Originally posted by Thsyrus View Post

Passwords are a problem people try to tackle from the wrong place. You can force people to do all sorts of god awful things to make it "more secure" but you will find that people will just find another way of compromising their security. I think the situation needs to be tackled on 2 fronts.

Firstly making sure techs don't do stupid things. Max password limits of 8? Fuck off (note: sorry for swearing but this is a stupid limit), its 2009 and we only have the computing capacity to handle the computation of 8 character passwords?

Secondly I do think good password creation should be taught in schools. I did a general computing course in school and it taught me endless useless things that I will never need but we can't add a module on good security practices and passwords creation?

The military pretty much guarantees that people will write down their passwords. Greater than 8 characters, has to have a capital, punctuation, and number. Can't be any part of your name or social. Gets changed every 60 days and you can't use the last 35 passwords over. It also won't let you just add a letter/number to the last password.

**theprez98** · May 2, 2009, 18:40

Re: Twitter hacked again

Doesn't Twitter allow unlimited logon attempts? That is a problem.

**streaker69** · May 2, 2009, 18:49

Re: Twitter hacked again

I think the primary focus here shouldn't really be twitter getting 'hacked' since it really wasn't per se. It was more of a good social engineering attack against one of their people and the lax way that YahooMail handles password resets.

Obviously the guy was an idiot for storing his twitter password in his yahoo mail account. But at the same time, it would appear that Yahoo needs to take a serious look at their own system for password changes. Obviously they shouldn't be using password reminder questions that are so easily guessed or researched. My bank has some interesting questions that they use for authentication. Two that I can recall are "Name of first girlfriend/boyfriend" and "Maternal Grandmother's first name." Both of which would be very difficult to research.

Of course, it would be wise to make the answers to those questions just as complex as your password, so even if someone did happen to find the answer, they wouldn't know how you entered it.

**the-Jaku** · May 2, 2009, 23:26

Re: Twitter hacked again

jajajajja is very funny this shit

**sintax_error** · May 3, 2009, 04:35

Re: Twitter hacked again

Originally posted by streaker69 View Post

...snip snip...Of course, it would be wise to make the answers to those questions just as complex as your password, so even if someone did happen to find the answer, they wouldn't know how you entered it.

Exactly. One doesn't need to go as far as a 20+ digit alphanumeric string with a couple of symbols tossed in for "what's your father's middle name?" Something as simple as intentionally mis-spelling the answer, dicking with capitalization, or using a relatively simple string that you're reminded of would generally suffice. Alas, that's about as common a practice as using a solid password in the first place. No matter what training and scolding you give the masses, you will still find pet's names with a zip code tossed after it, passwords emailed to one's self, and post-it's stuck to a variety of objects near workstations, and my personal favorite, taped to a laptop palm-rests. It's a never ending battle.

On a separate note, Xor: "sex"? Really? Come on, everyone knows real men use "god".

Announcement

Twitter hacked again

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment