Journal Hanike's Journal: Twitter docs hack exploits stupidity vuln
Text extracted directly from TheRegister.
Read full story here: http://www.theregister.co.uk/2009/07/20/dziuba_twitter_hack/
"Over a month ago, a hacker gained access to Twitter's internal documents and thereby introduced the unprofitable Web 2.0 darling to the blunt end of internet justice. Hacker Croll - the still anonymous Frenchman who has claimed responsibility for the attack - cracked the personal e-mail account of a Twitter administrator. In its observance of the San Francisco startup law of relying on free, online productivity suites instead of ponying up to Microsoft for something that actually works, Twitter stores all of its internal documents on Google Docs.
The administrator whose account was hacked used the same password for both his personal e-mail and his Google Docs login. Yes, web applications are sure to overtake desktop applications any day now.
Hacker Croll didn't exploit any software vulnerabilities. He exploited stupidity. To crack this personal e-mail account, all he had to do was answer a security question, which is the same way that a hacker gained access to Sarah Palin's personal e-mail account during the 2008 election.
(...)
More likely than not, if you had the login information from some office drone who spends his day cultivating a corporate tan under the fluorescent lights of a private, climate controlled hell, you most likely had credentials for a Windows NT domain or Active Directory.
(...)
And just for the sake of completion, if you know a TechCrunch writer's account information can load up http://www.techcrunch.com/wp-login.php and start posting about how online productivity suites will save us all from a hoof to the face by the savage brute in Redmond."
Read full story here: http://www.theregister.co.uk/2009/07/20/dziuba_twitter_hack/
"Over a month ago, a hacker gained access to Twitter's internal documents and thereby introduced the unprofitable Web 2.0 darling to the blunt end of internet justice. Hacker Croll - the still anonymous Frenchman who has claimed responsibility for the attack - cracked the personal e-mail account of a Twitter administrator. In its observance of the San Francisco startup law of relying on free, online productivity suites instead of ponying up to Microsoft for something that actually works, Twitter stores all of its internal documents on Google Docs.
The administrator whose account was hacked used the same password for both his personal e-mail and his Google Docs login. Yes, web applications are sure to overtake desktop applications any day now.
Hacker Croll didn't exploit any software vulnerabilities. He exploited stupidity. To crack this personal e-mail account, all he had to do was answer a security question, which is the same way that a hacker gained access to Sarah Palin's personal e-mail account during the 2008 election.
(...)
More likely than not, if you had the login information from some office drone who spends his day cultivating a corporate tan under the fluorescent lights of a private, climate controlled hell, you most likely had credentials for a Windows NT domain or Active Directory.
(...)
And just for the sake of completion, if you know a TechCrunch writer's account information can load up http://www.techcrunch.com/wp-login.php and start posting about how online productivity suites will save us all from a hoof to the face by the savage brute in Redmond."
Twitter docs hack exploits stupidity vuln More Login
Twitter docs hack exploits stupidity vuln
Slashdot Top Deals