funsec mailing list archives
Re: Twitter Hacker Says Admin Password Was 'Happiness'
From: "Alex Eckelberry" <AlexE () sunbelt-software com>
Date: Wed, 7 Jan 2009 14:47:27 -0500
Oh. So what Britney twittered about herself wasn't true? -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Paul Ferguson Sent: Wednesday, January 07, 2009 12:25 AM To: funsec Subject: [funsec] Twitter Hacker Says Admin Password Was 'Happiness' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Absolute idiocy -- violating the first principle of security: easily cracked passwords. Via Threat Level. [snip] An 18-year-old hacker with a history of celebrity pranks has admitted to Monday's hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama's, and the official feed for Fox News. The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter's administrative control panel by pointing an automated password-guesser at a popular user's account. The user turned out to be a member of Twitter's support staff, who'd chosen the weak password "happiness." Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts. "I feel it's another case of administrators not putting forth effort toward one of the most obvious and overused security flaws," he wrote in an IM interview. "I'm sure they find it difficult to admit it." The hacker identified himself only as an 18-year-old student on the East Coast. He agreed to an interview with Threat Level on Tuesday after other hackers implicated him in the attack. [snip] Much more: http://blog.wired.com/27bstroke6/2009/01/professed-twitt.html - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFJZDyzq1pz9mNUZTMRAnZLAJoD0IwRNVCUfLQ3D8AuLiUQSJGKsQCg2xBK zUkpUVWFsMLwVRxXc2MjRRA= =PC2v -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Twitter Hacker Says Admin Password Was 'Happiness' Paul Ferguson (Jan 06)
- Re: Twitter Hacker Says Admin Password Was 'Happiness' Alex Eckelberry (Jan 07)