Announcement

Collapse
No announcement yet.

Twitter hacked again

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Re: Twitter hacked again

    Originally posted by xor View Post
    Drexel didn't, my school e-mail account got hacked for SPAM purposes even with a password that contained letters and numbers. xor
    not surprising necessarily....but still wouldn't you want to at least TRY to stop hackers?

    what a day and age we live in...
    Saving the world one computer at a time...

    or possibly destroying, I haven't figured that out yet.

    Comment


    • #17
      Re: Twitter hacked again

      Originally posted by b0n3z View Post
      not surprising necessarily....but still wouldn't you want to at least TRY to stop hackers?

      what a day and age we live in...
      Stop hackers!!! there's no stopping us, didn't you know that. We can launch nuclear missiles over the phone with a Captain Crunch kazoo.

      Yes I couldn't agree with you more. Someone needs to be watching the store. Vigilance perhaps above all things is a security professional greatest tool.

      xor
      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

      Comment


      • #18
        Re: Twitter hacked again

        Originally posted by xor View Post
        Stop hackers!!! there's no stopping us, didn't you know that. We can launch nuclear missiles over the phone with a Captain Crunch kazoo. xor
        damnit, I forgot my kazoo!!!

        I brought the launch codes and the cheetos though!
        Saving the world one computer at a time...

        or possibly destroying, I haven't figured that out yet.

        Comment


        • #19
          Re: Twitter hacked again

          Originally posted by streaker69 View Post
          I tell my users that if they forget their password to come to me and I'll change it to something that's easy to remember like: I'madumbassandican'tremembermypassword
          Actually, that's the kind of password that I suggest to my client's users. Take a phrase that is familiar to them from a hobby, book, or favorite line from TV or movie. Run it all together, and throw in a few numbers or other characters.

          That gives them something that is complex, yet they should able to recall relatively easily.

          A couple of examples, from a Casablanca fan:

          r1cksCAFEamerican
          Every1Comes2Ricks
          M4jorStr4sserHasBeenSh0t&RoundUpTheUsualSuspects
          Louis1ThinkThisIsTheBeginningOfABe4utifulFriend-ship

          I doesn't always work though, as I still find Post-It notes with passwords under keyboards.

          Originally posted by noid View Post
          or you can just mash up racial slurs and obscenities, toss in a few extended characters, and wah-lah..fun for the whole family (and possibly your HR department)..
          Anything that gives HR people ulcers can't be all bad.
          Thorn
          "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

          Comment


          • #20
            Re: Twitter hacked again

            Originally posted by Thorn View Post
            Louis1ThinkThisIsTheBeginningOfABe4utifulFriend-ship
            Superman?

            And if it is that should be Lois...
            Saving the world one computer at a time...

            or possibly destroying, I haven't figured that out yet.

            Comment


            • #21
              Re: Twitter hacked again

              Originally posted by b0n3z View Post
              Superman?

              And if it is that should be Lois...
              Nope, it's the exit line from Casablanca: Rick Blane (Humphrey Bogart) says it to Prefect of Police Louis Renault (Claude Rains): "Louis, I think this is the beginning of a beautiful friendship."

              Louis is French, and it is pronounce "loo ee".
              Last edited by Thorn; May 1, 2009, 20:59. Reason: Typo
              Thorn
              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

              Comment


              • #22
                Re: Twitter hacked again

                OHHHHH.....

                my age is showing cause I've still never seen that movie....

                xP
                Saving the world one computer at a time...

                or possibly destroying, I haven't figured that out yet.

                Comment


                • #23
                  Re: Twitter hacked again

                  to bad about the ahi encontre jajaj It must Twiker a gymnast I'm The-Jakue because I am Latino and I hope to learn from you and you learn from me. .

                  Comment


                  • #24
                    Re: Twitter hacked again

                    Originally posted by b0n3z View Post
                    Superman?

                    And if it is that should be Lois...
                    sigh..

                    So in mentioning superman, it reminded me that the last time I ran a DoD audit about 12% of the passwords were some form of "superman". Strangely, nobody had a password called "overbearingego" or "napoleoncomplex".

                    But that was a few years ago, maybe they have moved on to transformers underwear now.
                    ----------------------------------------
                    Fraternal Order of Locksport

                    Comment


                    • #25
                      Re: Twitter hacked again

                      Passwords are a problem people try to tackle from the wrong place. You can force people to do all sorts of god awful things to make it "more secure" but you will find that people will just find another way of compromising their security. I think the situation needs to be tackled on 2 fronts.

                      Firstly making sure techs don't do stupid things. Max password limits of 8? Fuck off (note: sorry for swearing but this is a stupid limit), its 2009 and we only have the computing capacity to handle the computation of 8 character passwords?

                      Secondly I do think good password creation should be taught in schools. I did a general computing course in school and it taught me endless useless things that I will never need but we can't add a module on good security practices and passwords creation?

                      Comment


                      • #26
                        Re: Twitter hacked again

                        Originally posted by Thsyrus View Post
                        Passwords are a problem people try to tackle from the wrong place. You can force people to do all sorts of god awful things to make it "more secure" but you will find that people will just find another way of compromising their security. I think the situation needs to be tackled on 2 fronts.

                        Firstly making sure techs don't do stupid things. Max password limits of 8? Fuck off (note: sorry for swearing but this is a stupid limit), its 2009 and we only have the computing capacity to handle the computation of 8 character passwords?

                        Secondly I do think good password creation should be taught in schools. I did a general computing course in school and it taught me endless useless things that I will never need but we can't add a module on good security practices and passwords creation?
                        The military pretty much guarantees that people will write down their passwords. Greater than 8 characters, has to have a capital, punctuation, and number. Can't be any part of your name or social. Gets changed every 60 days and you can't use the last 35 passwords over. It also won't let you just add a letter/number to the last password.

                        Comment


                        • #27
                          Re: Twitter hacked again

                          Doesn't Twitter allow unlimited logon attempts? That is a problem.
                          "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

                          Comment


                          • #28
                            Re: Twitter hacked again

                            I think the primary focus here shouldn't really be twitter getting 'hacked' since it really wasn't per se. It was more of a good social engineering attack against one of their people and the lax way that YahooMail handles password resets.

                            Obviously the guy was an idiot for storing his twitter password in his yahoo mail account. But at the same time, it would appear that Yahoo needs to take a serious look at their own system for password changes. Obviously they shouldn't be using password reminder questions that are so easily guessed or researched. My bank has some interesting questions that they use for authentication. Two that I can recall are "Name of first girlfriend/boyfriend" and "Maternal Grandmother's first name." Both of which would be very difficult to research.

                            Of course, it would be wise to make the answers to those questions just as complex as your password, so even if someone did happen to find the answer, they wouldn't know how you entered it.
                            A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                            Comment


                            • #29
                              Re: Twitter hacked again

                              jajajajja is very funny this shit

                              Comment


                              • #30
                                Re: Twitter hacked again

                                Originally posted by streaker69 View Post
                                ...snip snip...Of course, it would be wise to make the answers to those questions just as complex as your password, so even if someone did happen to find the answer, they wouldn't know how you entered it.
                                Exactly. One doesn't need to go as far as a 20+ digit alphanumeric string with a couple of symbols tossed in for "what's your father's middle name?" Something as simple as intentionally mis-spelling the answer, dicking with capitalization, or using a relatively simple string that you're reminded of would generally suffice. Alas, that's about as common a practice as using a solid password in the first place. No matter what training and scolding you give the masses, you will still find pet's names with a zip code tossed after it, passwords emailed to one's self, and post-it's stuck to a variety of objects near workstations, and my personal favorite, taped to a laptop palm-rests. It's a never ending battle.

                                On a separate note, Xor: "sex"? Really? Come on, everyone knows real men use "god".
                                "You have cubed asscheeks?"... "Do you not?"

                                Comment

                                Working...
                                X