Slashdot Mirror


Twitter Hack Details Revealed

Jack Spine writes "Twitter co-founder Biz Stone has confirmed both to ZDNet UK and Wired's Threat Level blog that a dictionary attack was used to hack Twitter. After the hacker distributed details on the Digital Gangster forum, celebrities such as Britney Spears and Barack Obama had their accounts defaced. Wired spoke to the alleged hacker, while ZDNet UK got in contact with someone who had been on the Digital Gangster forum at the time."

3 of 222 comments

  1. Limit logins without DOS? by Manip · Score: 4, Interesting

    This is one of my favourite security conundrums.

    How do you limit someone's login attempts to an account without allowing an account to be denial of serviced?

    Captcha - hurts young, old, and disabled users. It can also make it hard for normal users if poorly designed (as many are).

    IP Limit - Very easy to bypass with a proxy list.

    Hard Account Limits - Denial of service

    Thus is the problem. How do you limit logins without hurting legitimate users?

    1. Re:Limit logins without DOS? by Phrogman · Score: 4, Interesting

      Perhaps even add +x seconds after every attempt, so your first attempt goes through and fails, the next one has a delay of 5s, and thereafter it's incremented. Most users will get their password correct on the second try or perhaps the third; the script will die a slow death.

      --
      "The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
  2. Comment removed by account_deleted · Score: 4, Interesting

    Comment removed based on user account deletion
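
The incremental delay suggested in Phrogman's reply above, sketched as an added example (not code from the thread or from Twitter). The class and function names, the 300-second cap and the injectable clock are assumptions made for illustration.

```python
import time


class ProgressiveDelayThrottle:
    """Per-account delay that grows by `step` seconds after each failed login.

    There is no hard lockout: the account is never disabled, and a correct
    password works as soon as the current delay has elapsed.
    """

    def __init__(self, step=5.0, max_delay=300.0, clock=time.monotonic):
        self.step = step
        self.max_delay = max_delay  # assumed cap so the wait stays bounded
        self.clock = clock          # injectable so the logic can be simulated
        self._state = {}            # account -> (failures, time of last failure)

    def retry_after(self, account):
        """Seconds the caller must still wait before the next attempt."""
        failures, last = self._state.get(account, (0, 0.0))
        if failures == 0:
            return 0.0
        delay = min(failures * self.step, self.max_delay)
        return max(0.0, last + delay - self.clock())

    def attempt(self, account, password_ok):
        """Return 'throttled', 'failed' or 'ok' for one login attempt."""
        if self.retry_after(account) > 0:
            return "throttled"  # rejected before the password is even checked
        if password_ok:
            self._state.pop(account, None)  # success resets the counter
            return "ok"
        failures, _ = self._state.get(account, (0, 0.0))
        self._state[account] = (failures + 1, self.clock())
        return "failed"


def seconds_to_try(guesses, step=5.0, max_delay=300.0):
    """Simulated waiting time for `guesses` consecutive wrong passwords."""
    now = [0.0]  # constructed fake clock, advanced by hand
    throttle = ProgressiveDelayThrottle(step, max_delay, clock=lambda: now[0])
    for _ in range(guesses):
        now[0] += throttle.retry_after("victim")  # script waits exactly as required
        throttle.attempt("victim", False)
    return now[0]


if __name__ == "__main__":
    for n in (3, 100, 1000):
        print(n, "wrong guesses cost", seconds_to_try(n), "seconds of waiting")
```

With these settings 1,000 wrong guesses against one account cost about 3.4 days of waiting, while a user who mistypes once waits 5 seconds. Because the delay is kept per account, whoever keeps failing can hold the legitimate user at the cap, so Manip's question is narrowed rather than closed.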