Obama's Twitter Account "Hacked"

Oxford_Comma_Lover writes "A 24-year-old living with his mother in France was arrested for 'hacking' into Obama's twitter accounts. (Warning: WSJ does obnoxious paywall things. Your miles may vary.) Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people; he has no computer science training or financial motive. He posted screenshots to a few boards and twitter found out within a few hours, either from a tip or from noticing when someone from France logs onto twitter as the President of the United States. (He did not actually tweet as POTUS, but just wanted to show he could break into the account.)"

He shouldn't be arrested

[Monkeedude1212]

Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people

If thats all it takes then the system is broken, not the people abusing it.

Re:He shouldn't be arrested

[magsol]

Or the users need to cease using common knowledge as the answers to these not-so-security questions.

Re:He shouldn't be arrested

[girlintraining]

If thats all it takes then the system is broken, not the people abusing it.

Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me. Jeez, I mean, what do you expect a criminal to do? Hey, btw -- what kind of slashdot poster are you, I didn't find any ramen to eat while you were out running errands either. I really wanted to have a snack after cleaning the place out. Ungrateful jerk...

Re:He shouldn't be arrested

[Monkeedude1212]

The "Security question" system in itself is the weak point in most security situations.

Mother's Maiden name?

Pet's first name?

Favourite Band?

How long do you think it would take to brute force any of those with a simple script? There's no point in making sure your passwords Really strong if your security question can be as weak as a noodle.

Re:He shouldn't be arrested

[Ed+Peepers]

I sympathize with this guy in that they'll probably throw the book at him, but should burglary be allowed simply because locks are easy to pick?

Re:He shouldn't be arrested

[drachenstern]

I just wanna know if it had the phone number to Obama's Blackberry synced and if those were in the screenshots...

Re:He shouldn't be arrested

[DragonWriter]

If thats all it takes then the system is broken, not the people abusing it.

Its pretty trivial to break into most homes, cars, etc., but when people actually do it, we consider their actions to be the problem.

I don't see why the fact that it is a computer system means that there is suddenly nothing wrong with the actions of the person deliberately breaking in.

Sure, its fairly trivial for an online service to institute better security than "guess an fairly easy question and get access", so there are grounds for saying that the system has a problem. Its another thing, though, to go further and say that it is the system and not the intruder that is the problem.

Re:He shouldn't be arrested

[magsol]

I agree, it's a double-edged sword. The system lends itself to simple questions with answers that are easily guessed, and simultaneously users make themselves very predictable. I should have started my previous comment with "And" instead of "Or".

Re:He shouldn't be arrested

[magsol]

Crap, I didn't mean "two-edged sword", I meant "insult to injury". I'm confusing my fighting metaphors here.

Re:He shouldn't be arrested

[Monkeedude1212]

Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

However, not using a security question, or using one that is as difficult to guess (Symbols, upper lower case, etc) - is like locking the doors. It will deter most criminals.

If someone SERIOUSLY wanted to hack into Obama's Twitter and cause a ruckus, they would, and I would sympathize for the Prez. But when some dude in France is pulling it off to show off his "leet skills", when all he's doing is guessing, yeah - I think I know who to really blame.

Next thing I know I'm going to read the NSA is still using WEP/TKA!

Re:He shouldn't be arrested

[Sir_Lewk]

Although blaming the victim is never politically correct, realistically they generally do share some of the blame. If I leave my bike sitting on the sidewalk of any major city and fail to lock it to anything, do you really think it's not my fault at all when it gets stolen?

Re:He shouldn't be arrested

[clone53421]

Mix metaphors thoroughly, serve confused.

Re:He shouldn't be arrested

He should be arrested and forced to use Windows for the rest of his life, that will serve him right! Never again will he feel the awesome power of Open Source Software, which is inherently superior to Closed Source Proprietary software.

Re:He shouldn't be arrested

[KarlIsNotMyName]

Flamebait?

Personally I hate security questions. The suggestions are always obvious things where most you need to know is the person that owns the account.

The only safe thing is to not put an actual answer as the answer.

Re:He shouldn't be arrested

[cosm]

If I take my keys and guess a random house to try them on, and get in, it isn't the locksmith's, homeowner's, nor key's fault I trespassed. I conscientiously decided to take the action. It is true that simple attack vectors make things prone to exploit, but the responsibility for the intrusion lies on the individual knowingly exploiting that vector.

Saying it could have been prevented by a better "system" and then redirecting the blame is like blaming my broken leg on the car manufacturer for not installing a reinforced titanium in the event I choose to plow into a tree.

Re:He shouldn't be arrested

[Monkeedude1212]

Suppose your door is left unlocked, but latched. And there are about A hundred Doorknobs on your door, only one of them actually opens the door.

This is essentially what happened. Had they locked the door, IE, not made a guessable password or security answer, he wouldn't have gotten in.

Re:He shouldn't be arrested

[0100010001010011]

Who says the answer has to be 'right'?

For example every website that wants "Mother's Maiden Name" gets a sha1(md5($maidenname)). Technically accurate but no one is going to 'guess' it.

Same goes for all other questions. It doesn't even have to be as complex as a hash. Just do a simple reverse or Rot13.

Last name: Smith.
Reversed: htimS.
Rot 13: ugvzF.

Now the last name is technically accurate, even if it is permuted.

Re:He shouldn't be arrested

[gambino21]

What victim? It says he didn't even make any posts. This seems more like opening the unlocked front door of your house, saying "yep it's open" and then leaving without taking anything.

Re:He shouldn't be arrested

[clone53421]

Yes, which is why my “security” questions all have correct answers that look like gibberish.

But most people just put the answers.

Re:He shouldn't be arrested

[HateBreeder]

Ideally, It wouldn't be your fault at all.

Realistically, you should know better.

So it really depends on your POV... are you an insurance company trying to avoid paying a claim? or are you an Idealist trying to get justice?

Re:He shouldn't be arrested

[rolfwind]

Or the users need to cease using common knowledge as the answers to these not-so-security questions.

Well, when the system forces it upon you, you sometimes have no choice.

To me, it's the equivalent of needing 2 passwords instead of one, and I never fill out my security questions with anything but random data. It's truly a PoS security wise. I even hate it more when you can't type up your own question.

I wonder if facebook has "Your highschool?" or something equally stupid as a security question, when you're there to catch up with old friends in the first place.

Re:He shouldn't be arrested

[Dishevel]

Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me. Jeez, I mean, what do you expect a criminal to do? Hey, btw -- what kind of slashdot poster are you, I didn't find any ramen to eat while you were out running errands either. I really wanted to have a snack after cleaning the place out. Ungrateful jerk...

it is not like "Blaming the Victim" means you do not blame the perp. Just because the criminal is wrong dose not mean that you have to ignore the stupidity of the victim if it exists. I really have a problem with people who just post crap with no thought put in whatsoever.

Re:He shouldn't be arrested

In front of me, asleep, is a nasty dragon who needs a good beheading. As I raise my broadsword to deal the death blow, the back edge of the blade slices into the arm of my pal Eddie, who squeals, and the dragon wakes & flies away. This really pisses me off, so I put some salt on the wound to make him keep squealing, then I tell him how fat & easy his mom is. Fucking Eddie. I guess I should have used the katana.

Re:He shouldn't be arrested

[girlintraining]

Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

You know, bathroom locks in most homes and apartments can be opened with a straightened paper clip. There's a reason for this: You can't accidentally open the door, but if there's an emergency (say someone has a fall, or locks themselves in to overdose on pills) the door can be easily opened.

Pointing out the flaws of the security system don't relieve the person overriding it of their ethical responsibilities to their fellow human beings. Most security exists merely to satisfy the restraint that breaking it isn't accidental, because strong security can impede a variety of legitimate activities. As one example, my cousin lives with roommates who steal her pills, so she had a lock placed on her bedroom door. However, she needed me to get into the room while she was away to get some paperwork. So I fashioned a simple lock pick and gained entry (with the owner's permission). The average person would be unable to do this, but as a security expert, I can. However, I did not do so without permission, because that would be a violation of privacy, however trivial it was for me to actually open the door (about 5 seconds).

Re:He shouldn't be arrested

[G2GAlone]

If you saw a quarter on the ground would you refuse to pick it up because it belonged to someone at one point? It's just laying there on the ground. The person that lost it probably doesn't even care, right? Where do you draw the line on morality and circumstances? I know it's a far stretch but even though the blame is obviously on the hacker, don't you think the POTUS should be a bit more careful? Especially in this day and age. I would be tempted to give him a firm slap in the face if I knew he had ever considered using "password" for an account password, or his mother's maiden name for a security question. *looks over shoulder for secret service*.

Re:He shouldn't be arrested

[MBGMorden]

Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

Not being surprised isn't what you said. You said the guy shouldn't be arrested. Effectively, the parallel is that if someone DID leave their door unlocked, and someone came in and stole their stuff, then that person shouldn't be arrested either.

No matter how weak your security is, if someone trespasses, steals, or otherwise breaks into a computer or a house, then they need to be punished. Claiming that the security was so weak that it wasn't much trouble for you simply isn't an adequate defense.

Re:He shouldn't be arrested

[Sleepy]

WHAT lock?

I walked by your door, and it turns out you hung a PHOTOGRAPH of a lock and there was no security.
That's like leaving a shoebox of money on the sidewalk with a note "please do not take or open".

Your metaphor alleges direct physical access and brute force. Think before you post.

Re:He shouldn't be arrested

[girlintraining]

or are you an Idealist trying to get justice?

Idealism is the virtue of the rich. The poor do what is necessary to survive. Your stolen bike may have fed someone for a week. Doesn't make it right, nor does it devalue aspiring to an idealistic society where locks are not necessary -- but realistically, so long as poverty exists, so will crime. And even if poverty didn't exist, there would still be thrill-seekers. So yes, it's impractical to be an idealist -- but we should still strive when possible to reach for idealism.

Re:He shouldn't be arrested

Doc: You know what they say: People in glass houses sink sh-sh-ships.
Rocco: Doc, I gotta buy you, like, a proverb book or something. This mix'n'match shit's gotta go.
Doc: What?
Connor: A penny saved is worth two in the bush, isn't it?
Murphy: And don't cross the road if you can't get out of the kitchen.

--

Doc: Why don't you make like a tree, and get the fuck outta here?

Re:He shouldn't be arrested

[NotBornYesterday]

What is surprising is that out of the 6+ billion people on earth, only this guy seems to have had the motivation (if, indeed, you can calla 24-year old living with his mother "motivated") and imagination to do this. You would think that someone would have done this already either for shits-n-giggles, or possibly more sinister purposes.

Re:He shouldn't be arrested

[girlintraining]

What victim? It says he didn't even make any posts. This seems more like opening the unlocked front door of your house, saying "yep it's open" and then leaving without taking anything.

That's still tresspass in the real world. It's reasonable to expect that the residence was occupied and the owner could have been located prior to gaining entry, same as having 'no tresspassing' signs posted. There may be no security present to stop you, but that's not a valid argument for entering the premises.

Re:He shouldn't be arrested

[Kelbear]

The Law is there is preserve order, it only dispenses justice on occasion coincidentally.

That's why there is a human component involved, judgement is required to evaluate the situation in comparison to the abstract scenario around which the Law was crafted. Then they can see how the Law should be applied in this specific situation.

If the man broke in, and did no harm, in fact, doing nothing other than highlighting the flaws in security, then he has provided a service with no detriment. A reasonable human perspective can see that the "hacker" doesn't deserve severe punishment. Should another hacker break-in and try to do damage (and even fail to do damage), it would be reasonable to say that this hacker /should/ be punished even though the end result of both hackers' attempts are the same.

Re:He shouldn't be arrested

[Maximum+Prophet]

Who says the answer has to be 'right'?

Your memory.

If you can remember all that, you can remember your password.

On the other hand, if you use the same obfuscation on multiple web sites, then you are protected from the general population, but not from someone who can get ahold of your secret answers from several sites. Rot13 isn't too hard to figure out. Then they can log into all the sites that you've protected this way.

Secret Question/Answer is not a good way to secure a system.

Re:He shouldn't be arrested

[NotBornYesterday]

Yes, but the White House has better security than John Q. Public's house, and for good reason.

Re:He shouldn't be arrested

[clone53421]

He didn’t “steal stuff”, he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.

Re:He shouldn't be arrested

[girlintraining]

it is not like "Blaming the Victim" means you do not blame the perp. Just because the criminal is wrong dose not mean that you have to ignore the stupidity of the victim if it exists. I really have a problem with people who just post crap with no thought put in whatsoever.

Then may I suggest you stop posting? You've created a straw man here. I never said "don't blame the criminal". I was advocating the reverse of that position: The liability is with the criminal. Also, I never stated one should "ignore the stupidity of the victim" -- the victim's intelligence, or lack thereof, is no reflection on the ethics or legality of what was done.

To go a step further, if you were to take a person's intelligence into account when evaluating their rights and responsibilities in society, we would find ourselves in the very unfortunate position of discovering that the majority of people are either ignorant, or stupid. The removal of their rights or responsibilities to society would do nothing to solve this social problem. It would simply mean that criminals would be smarter, but not necessarily in any better position financially or otherwise to not consider criminal activity.

Re:He shouldn't be arrested

[ezzzD55J]

ITYM the equivalent of *either* of 2 passwords instead of one. Where one of the two (the answer to the security question) is often easy to find out. I agree with you totally btw :) I always give em random answers too.

Re:He shouldn't be arrested

[Limburgher]

I have several accounts with these sorts of dumb mandatory security questions. I make up totally crap answers(Favorite band? Rheumatic fever. Highschool? George Clinton. That sort of thing.) and stick them in an encrypted spot.

The ones that let you create the question are much better.

Re:He shouldn't be arrested

[girlintraining]

Your metaphor alleges direct physical access and brute force. Think before you post.

My metaphor alleges nothing. On behalf of the accused, I plead innocence. As to thinking before I post, you've failed to consider the central argument I have made: The presence or absence of an access control mechanism does not relieve the person gaining entry from their ethicial and legal obligations in doing so.

Re:He shouldn't be arrested

[GIL_Dude]

While that is absolutely true, most systems don't then let you immediately logon with a recovered password. They generally mail a new password to you. So you need to already know the password to the user's email account so that you can logon there and actually get the password. Systems that aren't doing at least that are not very secure.

Re:He shouldn't be arrested

[girlintraining]

You would think that someone would have done this already either for shits-n-giggles, or possibly more sinister purposes.

Most people are too concerned with paying the bills, working, and dealing with their own personal drama to waste their time on such exploits. This is why most petty criminal activity is done by those in the 13-25 age group, particularily males -- it's simply boredom. They haven't filled up their life enough yet, and want a cheap thrill.

Re:He shouldn't be arrested

[geekoid]

No. even having one is like having your doors locked. No door lock prevent criminals from stealing your car, it only expresses your intent that onlu authorized people should be allowed to enter.

Then that analogy explodes.

Having a password at all indicates that the intent is that no one else should go in.

I don't care if your password is password.

Re:He shouldn't be arrested

[geekoid]

It's still trespass.

Seriously, what would you do if your neighbor picked your lock, took picture of your house and then left?
Had you left your door open,, Then your point would be valid.

Re:He shouldn't be arrested

[girlintraining]

He didn't "steal stuff", he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.

Which is still trespass, and he posted the evidence of his crime publicly. Idiot. If you want to demonstrate the ease of breaking security, then educate people responsibly and ethically. This person did neither.

Re:He shouldn't be arrested

[228e2]

Nominated for most insightful post of the year.

Re:He shouldn't be arrested

[cmiller173]

He replaced all the stuff with exact duplicates of the same stuff.

Re:He shouldn't be arrested

[djnforce9]

It's fine when you can choose YOUR OWN security question and answer. However, many sites limit you to a pre-defined selection of questions which I found to be very annoying. The only way to really secure yourself is make the answer not related to the question or even as a secondary password that you know you'll never forget.

Re:He shouldn't be arrested

[geekoid]

Irrelevant to the point. The fact that the door was latched means they don't want people snooping around.

And password is the lock. Society doesn't say 'well, he had a cheap lock on his front door, so it's ok someone picked it and enter the premises.

"he wouldn't have gotten in" You know of a unbreakable password scheme? Becasue any password scheme is 'guessable' It's just the amount of time used.

Re:He shouldn't be arrested

[geekoid]

Yes, but even if it didn't it would still be wrong to trespass.

Re:He shouldn't be arrested

[TheRaven64]

Who says the answer has to be 'right'?

Your memory. If you can remember all that, you can remember your password.

My US bank uses security questions and asks me one whenever I log in from a new IP address. This only happens every year or so, because I always log in from home and my home IP only changes when the cable company does some resegmenting. If I didn't put easy-to-remember things in the security questions then I'd have to write them down somewhere. The 'secure' questions are actually less secure than the password.

Re:He shouldn't be arrested

[shawb]

Opened the door for kicks, took photographs of the inside of your house, and then went around saying how easy it was to get in.

Re:He shouldn't be arrested

[e2d2]

You nailed it with the hash. One way hash with salt is delicious. Storing actual passwords, even encrypted (two-way), is a bust.

If they forget you reset and send the reset password to a known email address with no login credentials, you do not send them the password or the username together. It's not fool proof but it beats "guess your password and we'll let you in". Tying the user to a known email address with a reset function helps thwart this type of attack.

Re:He shouldn't be arrested

the new/reset password will be sent to a/c holder's email address. was his email address also hacked?

Re:He shouldn't be arrested

[egcagrac0]

Some of us are smart enough to learn from the mistakes of others.

[sarcasm on] Some of us are French, 24 years old, and live with our mother. [sarcasm off]

Re:He shouldn't be arrested

[failedlogic]

I agree. I just use random words/numbers/phrase as the answer.

Mothers' maiden name:
646782132987651316546
OR
Rain Falling on my window

All work. Of course the phrases or word combinations are so simple. I remember them. Who cares if its the right answer.

Re:He shouldn't be arrested

[clone53421]

Trespass is a less severe crime.

And that’s not even considering the fact that he didn’t pick the lock (guess the password), he answered a few simple questions and was given access by the automated doorkeeper.

Re:He shouldn't be arrested

[fulldecent]

There is a difference.

IRL, if you do something wrong and someone catches you red handed, you are right there. They can detain you, they can identify you, they can retaliate. If if you broke in their house, they can shoot you dead. Also, at that time, they are in the same jurisdiction as you.

The internet is different. PROTIP: Always keep a list of countries that don’t extradite to the US. You never know when it will come in handy.

Re:He shouldn't be arrested

[The+MAZZTer]

I just use a password generator and dump the output there, and store it along with my password in my KeePass Password Safe. Defeats the purpose for password recovery but who cares.

Re:He shouldn't be arrested

[Ed+Peepers]

I agree that someone who breaks into your house and doesn't murder you should be punished less than the person who does, but that doesn't mean I'm cool with the former.

Re:He shouldn't be arrested

[Hurricane78]

Oh come on! You know exactly that a normal password is not triple deadbolts. A normal password is exactly like a normal door lock!
And this here is like putting the key to the White House’s front door under the rug! Stupid, stupid, stupid!
And the guy basically just went: “Ha ha, do you know those stupid people who put their keys under the rug? It’s the first thing any robber would think of! These people are so stupid! But imagine if the president would do that. Lol. Oh, wait... He DOES! LOOOOL! EPIC FAIL! ... But let’s not be a dick and just show them how much of a failure they are. Maybe they learn something from it. ^^”

I would have done the exact same thing. And so would you!

Re:He shouldn't be arrested

[Minwee]

There's no point in making sure your passwords Really strong if your security question can be as weak as a noodle.

You just need to use a strong password as the answer to your security question too. Ms. bxa)jdWu0U3$[d*=Wh$S`XYft?g%q~% didn't raise no fools.

Re:He shouldn't be arrested

[caluml]

And for famous people, it's even easier. Mother's maiden name?Dunham

Re:He shouldn't be arrested

[Hurricane78]

You know, bathroom locks in most homes and apartments can be opened with a straightened paper clip. There's a reason for this: You can't accidentally open the door, but if there's an emergency (say someone has a fall, or locks themselves in to overdose on pills) the door can be easily opened.

Interesting... I would just have kicked the door out with a straight kick. ^^
You learn something new every day...
But I still think my way is cooler!

Chuck

Re:He shouldn't be arrested

My *bank* uses favourite food. Who wants to bet like 66% of answers are pizza?

Re:He shouldn't be arrested

[clone53421]

If they fell against the door, it might be safer to open it gently... for their sake.

Re:He shouldn't be arrested

[whargoul]

Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people

If thats all it takes then the system is broken, not the people abusing it.

The key is that he broke in, not that he guessed Barry's password. He should be arrested regardless of who's account he broke into.

Re:He shouldn't be arrested

[idontgno]

Highschool? George Clinton.

Whooooaaa, dude. You went to George Clinton Prep? Hot damn, that's awesome. "The Fighting Atomic Dogs". I loved their basketball team. And their band. And their student government was... funkadelic.

Re:He shouldn't be arrested

[brkello]

Scary, I actually agree with you on this one.

Re:He shouldn't be arrested

[dissy]

Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me.

My password is indeed 12345, and it's perfectly OK to post here because it is a SECRET password.

If you hack into my password and guess it, you should go to prison for life, just like you advocate!

Ooops, looks like you 'guessed' it from my post, er i mean hacked into my password.. Hope you either really enjoy prison, or really enjoy being a hypocrite.

Re:He shouldn't be arrested

[Sir_Lewk]

People steal bikes so that they can eat. Right.....

Crime is indeed a fact of life, but I really don't think poverty is the only motivating factor. Chances are most people who steal bikes in major cities do it for drugs, which I suppose might be related to poverty, but I wouldn't really call that the cause. Greed and laziness is more of an issue I think, laziness also being a cause of much poverty.

Re:He shouldn't be arrested

[dissy]

Yes, but the White House has better security than John Q. Public's house, and for good reason.

Well, twitter passwords excluded of course ;}

Re:He shouldn't be arrested

[apoc.famine]

My strategy is to have a couple of those "answers" in a text file on my computer. Sure, if someone gained access to my machine, they might stumble upon it, and randomly try it as a password. But unlikely they'll use a random phrase with special characters it in the "what school did you graduate from" field.

I only have a couple of such phrases, one with special characters and one without. It's the only method I've come up with which doesn't put my account at more risk.

Re:He shouldn't be arrested

[shadowrat]

Nobody is going to have any sympathy for you, but you won't be punished.

However, if they happen to find the person who stole your bike in possession of your bike, they can be punished.

Re:He shouldn't be arrested

[EvilBudMan]

I bet that lock pick was a credit card if there wasn't a deadbolt present.

Re:He shouldn't be arrested

[Sir_Lewk]

Depends on how you define punishment. My insurance company will no doubt be less than sympathetic, which may cause a financial punishment of sorts.

Re:He shouldn't be arrested

[MobileTatsu-NJG]

If thats all it takes then the system is broken, not the people abusing it.

Actually it's both.

Re:He shouldn't be arrested

[qazwart]

I always just answer "The Senator from Connecticut in 1893" for all of my security questions. No one will ever guess that!

(Whoops!)

Re:He shouldn't be arrested

[Jarjarthejedi]

"You know, bathroom locks in most homes and apartments can be opened with a straightened paper clip."

If you used bathroom locks on your front door I wouldn't be surprised if your house got broken into.

Is it still wrong to break into your house? Yeah, but making it far easier to do isn't very smart. If you want to be secure you put a secure lock on your front door, you don't accuse the person breaking in of violating your privacy. Same principal.

Re:He shouldn't be arrested

My answer to every security question is "I fucked your mother." It goes over real well when someone has to ask you your security question over the phone. Posting anonymously because this is true.

Re:He shouldn't be arrested

[kz45]

"Crime is indeed a fact of life, but I really don't think poverty is the only motivating factor. Chances are most people who steal bikes in major cities do it for drugs, which I suppose might be related to poverty, but I wouldn't really call that the cause. Greed and laziness is more of an issue I think, laziness also being a cause of much poverty."

I agree with this.

If someone is so poor they can't afford to eat, they could try to find a job instead of stealing your bike. Even Fast food places will hire people with no skills. The money isn't great, but you would still be able to buy food.

I'm really sick of people excusing criminals because they are a product of a bad environment. We do have something called free will.

Re:He shouldn't be arrested

[bondsbw]

If I take my keys and guess a random house to try them on, and get in, it isn't the locksmith's, homeowner's, nor key's fault I trespassed.

You're right, but the owner has a reasonable expectation of security... he bought a lock and key. The manufacturer who produced the faulty lock should have some liability... and they do if they guarantee the lock (or if their government has laws holding them liable).

The fact that the trespasser is to be held criminally liable is a separate, but still important, issue.

Re:He shouldn't be arrested

[kinthalas]

My solution is clearly better. I always answer "Batman".

Re:He shouldn't be arrested

[biocute]

Pet's first name?

Are you implying that pets have first names, middle names and family name? Maybe we can also throw in a maiden name for that bitch?

Re:He shouldn't be arrested

[BobMcD]

One way hash with salt is delicious.

Hashbrowns with salt and pepper are delicious.

I'm not sure that other thing you're talking about is even food...

Re:He shouldn't be arrested

[clone53421]

Apparently Twitter doesn’t have secret questions at all. You can have a password reset request sent to the registered e-mail address.

TFA is rather misleading, because what actually happened was the guy broke into a Twitter employee’s Yahoo account (hello Palin! do we never learn?) and then used that Yahoo account to find other information that he shouldn’t have. — according to this article.

Re:He shouldn't be arrested

[BobMcD]

we would find ourselves in the very unfortunate position of discovering that the majority of people are either ignorant, or stupid

Common misconception, by the way. The gap between the 'normal' and the 'smart' is really, really minute. It really tends more towards attitude, circumstance, etc, than actual utilization of the brain.

Re:He shouldn't be arrested

[vux984]

If thats all it takes then the system is broken, not the people abusing it.

Its twitter not a bank account. Just how secure do you really need twitter to be? Oh noes, somebody not me can annoy people 140 characters at a time. We need better security!

Re:He shouldn't be arrested

[Stepnsteph]

My thoughts exactly. This fella doesn't deserve to be arrested considering that he didn't do anything with the account. Seeing as their system is so easy to crack they should be thankful that this was brought to light rather than abused.

Sure it's a 'round about way to do it, but a slap on the wrist is quite enough IMO.

Re:He shouldn't be arrested

[Monkeedude1212]

Irrelevant to the point. The fact that the door was latched means they don't want people snooping around.

And password is the lock.... Becasue any password scheme is 'guessable' It's just the amount of time used.

Its not irrelevant. The fact that a password exists suggests that you don't want people to get in. But its only as effective as its weakest link, in this case, the security question.

Yes - any password is guessable, but the idea is to make it more difficult to guess, so that it takes so much time that its impractical to guess it. This is why various capital, lower letters, and symbols make stronger passwords, since every brute force script in the world tries known dictionary words with numbers around it first.

Just like any lock is pickable, it just takes time. Clearly you aren't going to use the kind of lock on your bathroom that you would on your front door, anyone with a nail could break in. I'm just pointing out, if they don't want people logging in other people's twitters account, take out the weak point. Because the password is fine, the security question idea is just ridiculous.

Re:He shouldn't be arrested

[Impy+the+Impiuos+Imp]

> Apparently he guesses the answer to a question related to password recovery
> in order to break into the accounts of famous people

"To confirm it's you, please answer this question you answered when you created the account:

"Where were you born?"

"Hawaii"

"Incorrect. You have 2 more attempts."

"Kenya"

"Correct. Your password has been reset to Password01. Please change it as soon as you log in."

Oh oh, yeesh. How humiliating.

Re:He shouldn't be arrested

[commodore64_love]

No actually it's the physical equivalent of breaking-and-entering. You may not have taken anything but you still cracked the lock.

Re:He shouldn't be arrested

He didn't "steal stuff", he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.

And he performed a valuable public service. By his demonstrating the flimsy not-even-security, maybe the system will be fixed.

I'd prefer that to having some start putting out bogus tweets in the president's name that people might act on.

Re:He shouldn't be arrested

[spintriae]

So if I were to walk around looking under doormats for spare keys to people's houses, then there's nothing wrong with me? Just the people I take advantage of?

Re:He shouldn't be arrested

[DragonWriter]

When you break into a home or car, the hard part is to get through the front door made of solid wood, which is as designed.

Only if you are trying to break into the rare home or car that lacks windows. (Not to mention that most cars don't have doors made of "Solid wood" in the first place.)

The system is broken because it causes people to be less secure, when the ostensible goal is to make them more secure.

A security question does not have even the ostensible goal of providing additional security, its purpose is to add convenience in the event of a lost password, at the expense of security. The "security" in "security question" refers to it being (though only slightly) more secure than just giving your password to anyone who claims to be you who asks for it.

Re:He shouldn't be arrested

[BikeHelmet]

No, he's right in this case.

If he had twittered something, then it'd be different - but this is about as white hat as it gets.

It's very similar to someone walking around turning doorknobs until he finds a house with an unlocked door, then leaving a note that your door was unlocked and he could've stolen everything.

It's not accurate to call a security question a "lock". Most sites have mandatory security questions - stuff like your first pet, mother's maiden name, or first school. In this day and age, all that info will be listed on the first page of Google, so unless you make your answer GHS75Y237HERDSNS94 or something, it's not a "lock".

Re:He shouldn't be arrested

[Stan+Vassilev]

Mother's Maiden name?

Answer: K3kRDQ59r950ed

Pet's first name?

Answer: I5H2KzAB9fT6fN

Favourite Band?

Answer: 25u9yC1DTIkHR6

Just because the question says something, doesn't mean you can't fill-in anything else. Of course, that doesn't take the blame from the sites for introducing a security hole many regular folks fall into.

Re:He shouldn't be arrested

[Dhalka226]

If I reported that someone logged into my Twitter account, and they found who did it - am I to expect he would face jail time and a fine as well?

They probably wouldn't consider it worth their time and expense to prosecute. However, at least in the US and in many other places unauthorized access to a computer account is absolutely illegal. In fact, in the US, it's a felony.

Would they prosecute? I don't know. Probably not. Could they? Absolutely.

Re:He shouldn't be arrested

[Meski]

"Robin, I am your father", it sounds so wrong coming from Batman

Re:He shouldn't be arrested

[jandersen]

If thats all it takes then the system is broken, not the people abusing it.

That is a rather bizarre point of view; can I take it to imply that if you pop down to the corner shop quickly without locking your front door, then it is OK for me to go into your house, have a loo around and take some pictures? This analogy is perfectly valid - your house is connected to a public network of streets, and anybody passing by could go up to your door and try the handle; they could even claim that "it is for you own benefit because it is a 'security check'".

I wouldn't be surprised if you are also one the guys that take an extreme stand on the matter of privacy - funny thought, really.

Re:He shouldn't be arrested

[metacell]

Yes, the system is broken, but we still can't allow people to access other people's broken systems. It's not ok to walk into a strangers house just because the lock is broken.

Re:He shouldn't be arrested

[clone53421]

Doubtful. It was a Yahoo! account that he hacked, by the same stupid secret question system that a hacker used to get into Palin’s account. How many more Yahoo! accounts need to get hacked before they figure out how stupid their secret question system is?

Re:He shouldn't be arrested

[jakykong]

In the Facebook and Twitter era, the concept of "common knowledge" seems to be a tautology. If you already share everything except your password, then nothing at all makes a good security question; all someone needs is a Facebook account to look up whatever answers they need/want.

Just my $0.02.

Re:He shouldn't be arrested

[Golddess]

Technically accurate but no one is going to 'guess' it.

Presuming you just told the truth, they will now :P

The password

I heard was "Let them eat cake"

Re:The password

[Hurricane78]

And the next president’s password will be: “OLOLOL TeH CaeK iz a LiE!!!1!1one(lim (x->0) (sin(x)/x))”

What?

[Vinegar+Joe]

They have basements in France?

Re:What?

[nhytefall]

I think they call them "The Underground". Or, in popular parlance, "The Sewers"

Re:What?

[guspasho]

I know, I was shocked that they have computers and electricity.

Re:What?

They have basements in France?

In France they call them Royale With Cheetos.

Laugh It Off

They laughed it off when Palin was hacked...Will they laugh now for the POTUS?

Re:Laugh It Off

That would be in keeping with their two faced sense of outrage.

Re:Laugh It Off

[natehoy]

They did?

His trial starts April 20.

http://www.myfoxmemphis.com/dpp/news/local/032410-apx-david-kernell-in-court-in-palin-hacking-case

Obviously you and I have very different definitions of the term "laughing it off". Last I checked, it doesn't include arresting someone, having them post bail, and charging them with multiple felonies that carry jail sentences. I'd hate to see what your definition is for actually being held responsible for something.

Having said that, they should let David go, and they should also let this French kid go. If you're stupid enough to use easily-accessible public information for your security question, you pretty much deserve what you get. In both cases, these were private, not government, email accounts that were broken into.

Re:Laugh It Off

[spun]

Who is 'they?'

Re:Laugh It Off

[jdgeorge]

As I understand it, in the first case it was them, but in the second is was those other people... though I guess it could have been the same "they" in both cases.... You're right, I'm confused.

Unless... the two faces. The first "they" is one face, and the second "they" is the other face. Yeah, That's it.

Gah, too much Slashdot for me, lesson learned. I think the key messages here are that Twitter is not super-secure, and a lot of people aren't sympathetic when unfortunate things happen to people they don't like.

Re:Laugh It Off

[billy8988]

Huh...Revisionist history?
She was criticized for using personal yahoo email account to do state business.

http://voices.washingtonpost.com/44/2008/09/17/palins_yahoo_account_hacked.html

Re:Laugh It Off

[sycodon]

I think "they" could be considered the Political punditry, bloggers and posters on sites such as the DailyKOS, Huffington Post, Etc.

But this is so new, I have not seen any opinions from "these people". So who knows if "they" will laugh it off or not.

Re:Laugh It Off

[spun]

Oh. But nobody laughed it off when Palin was hacked. The guy who did it is more than likely going to jail. I don't get it. What are these anonymous cowards complaining about, and why are they getting modded insightful?

Re:Laugh It Off

[sycodon]

I seem to remember some jackasses on MSNBC and CNN yukking it up over the fact that Palin's account was hacked.

But then I've been drunk several times since then.

And if you have ever read anything on the HuffingtonPost, then you know that most there will go waaay out of their way to justify anything that bolsters their causes. So I can imagine that no one there got their knickers in a twist over Plain's hacking event and most likely expressed support for the hacker.

And to the idiot that will inevitably say Citation Needed, you go paw through H.P. looking for it. I have drinking to get to.

Re:Laugh It Off

[danielsfca2]

To be fair, if Palin's personal email account was "hacked," (as in "guessed because of being an easy password") i think it was the fault of her own naive password habits and therefore reason to laugh at her.

Obama's Twitter, on the other hand, is obviously not actually used by him. Hate to break it to you, but the POTUS does not tweet. Some staffer, probably some young intern, is in charge of posting the official tweets from the press office each day. We should be laughing at that guy right now. If it had been something the President did himself then yes we should be laughing at him and I would be the first to have a chuckle. It's good to laugh. //I hate Palin and wish a moose would eat her.

He should've at least posted something.

Maybe "I am the great cornholio!"

Re:He should've at least posted something.

[Starteck81]

I was thinking "Hey guys Global Thermal Nuclear War later this afternoon... just thought you should know."

Re:He should've at least posted something.

[sheph]

Better yet, "Iran wants nukes, Russia wants us to get rid of some of ours, so we're sending them to Iran."

Re:He should've at least posted something.

[amliebsch]

No, no, no, he should have tweeted:

"My fellow Americans, I am pleased to tell you today that I have signed legislation that will outlaw France forever. We begin bombing in 5 minutes."

Re:He should've at least posted something.

[clone53421]

pfff, you think that would cause a furor? Just imagine if he posted “LOL, i was born in kenya after all, sure fooled u good:)”

The weakest link in any form of security

[Sabz5150]

is always the human being.

Good.

[geekoid]

Having a password clearly dictates the intent of the person is not to allow other people to use it.

If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime... or at least very rude.

Re:Good.

[clone53421]

Having a password clearly dictates the intent of the person is not to allow other people to use it.

Perhaps so, but what is indicated by having a system whereby your password is freely given to anyone who knows your mother’s maiden name, high school mascot, and first pet’s name?

Re:Good.

[badpazzword]

That would be accurate if you could choose to not have a password.

Re:Good.

[ShadowRangerRIT]

Technically, it probably didn't give him the password, just allow him to reset it. Using the lock analogy, it's like a locksmith agreeing to make new locks and keys for anyone who greets them by opening the door of the house; they don't check the ownership records and ID, they just assume that someone who was able to get into the house and hasn't been challenged has the right to change the locks.

Re:Good.

[pseudorand]

But no one kicked in any doors. All he did was tell people he found the key under the mat, a rather obvious place to look. Do we all really have a responsibility to keep the secrets of perfect strangers that we happen to learn? If he'd used the password, I'd say fine him or jail him, depending on how much trouble he caused or intended to cause. If he tried to sell the password, send him straight to jail. But if he simply embarrassed the whitehouse, thereby encouraging them to better secure their means of communication, then someone send that guy a metal for being a true patriot! And he's not even an American. Now don't we all feel bad about the whole freedom-fries thing.

Re:Good.

[clone53421]

Actually, I’ve perused the Twitter help pages and it doesn’t seem to use secret questions at all... it looks like it sends a password reset to your e-mail address via this interface. So to get into the Twitter account, you’d first have to get into the e-mail account that it was registered under... which seems to contradict the story, which said that he posed as a Twitter site administrator and got access by answering secret questions.

I’m going to need more data before I can rule on this one...

Re:Good.

[hanabal]

how about a system that give the front door key to anyone that looks under the welcome mat?

Re:Good.

[clone53421]

If you’ve also posted a sign saying “Forgot key? Guess where to look to find the spare”... then yeah; it’s kinda analogous to that.

Re:Good.

[girlintraining]

Having a password clearly dictates the intent of the person is not to allow other people to use it.

Not entirely accurate: Having a password is like a key. Anyone can possess it, but it's use is still governed by the permission of the owner. One password can be used by multiple people, or not.

If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime... or at least very rude.

Again, not entirely accurate: The presence or absence of an access-control mechanism provides no information on its intended use. The door could be locked because it's a bathroom that connects two bedrooms, and the person on the other side left through the other door and forgot to unlock it. There's the implication that a locked door means no entry, but it's not always or necessarily true.

Re:Good.

[maxume]

Perhaps the site administrators have powers that you cannot see?

Re:Good.

[clone53421]

That would require guessing users’ secret questions?

Does Twitter even have secret questions?

Or did he guess a site administrator’s secret questions, and gain access to a part of the site that normal users can’t see... which would make this is an entirely different situation...

Like I said, there are too many questions to judge this one.

Re:Good.

[brkello]

I agree, the person shouldn't have done this. But you can make the technology a tad stronger I think. Usually if you have to resort to a security question, it should e-mail you a new password to your password protected e-mail. So to get in, you would need to have that information as well. It sounds like Twitter's protection just lets you in with the security question, which I would say is broken by design.

But still, I am with you: good.

Re:Good.

[maxume]

Sorry, I was going by this:

http://blogs.wsj.com/digits/2010/03/24/twitter-hacker-ordered-to-appear-in-french-court/

It states that he accessed the accounts by breaking into a Twitter employee's Yahoo! account. I saw it elsewhere and assumed it contained the same info as the WSJ link in the summary.

Re:Good.

[Culture20]

Or anyone who happens to be in earshot: "What is your name? What is your quest? What is your favorite color?" Of course in that case copying didn't help.

Re:Good.

[clone53421]

Ahh.

Looks like the same story, but different information.

Breaking into a Twitter employee’s account and then using that administrative access to subsequently gain access into celebrities’ Twitter accounts is a little bit different than just guessing some secret questions, getting into a celebrity’s account, taking some screenshots, and publishing them as proof that you were there.

Follywood

[cosm]

Now is when they offer him a job (as the movies would have you believe).

Who cares

[snowwrestler]

What important data is stored within that Twitter account? What crucial lines of communication flow through it?

Re:Who cares

[GodfatherofSoul]

Being able to attribute comments to another person is power. Especially if that person's career is reliant on public perception such as it is for politicians, musicians, and actors.

log of 'hacked' password recovery session:

[circletimessquare]

q: "what city were you born in?"
a:"honolulu"
incorrect
a:"oahu"
incorrect
a:"kandahar"
correct

q: "what is your political affiliation?"
a:"democrat"
incorrect
a:"centrist"
incorrect
a:"fascist"
correct

q:"what is your favorite catchphrase?"
a:"yes we can"
incorrect
a:"change we can believe in"
incorrect
a:"from each according to his abilities, to each according to his needs"
correct

(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some tea party morons out there might actually take my joke seriously)

Re:log of 'hacked' password recovery session:

[bsDaemon]

Wow... always knew that he was a fascist communist from central Asia. Everything is coming together now! (i hate teabaggers)

Re:log of 'hacked' password recovery session:

[SnarfQuest]

q: what is your favorite sport
a: football
incorrect
a baseball
incorrect
a: teleprompter tennis.
correct

Re:log of 'hacked' password recovery session:

[clarkkent09]

Congratulations, it's not easy to several different proofs that you are a moron in just two short sentences.

Re:log of 'hacked' password recovery session:

[clarkkent09]

(i hate teabaggers)

I have to say I don't understand the vitriolic hatred you and others on the left have towards the tea party movement. Can you explain it to me? The basic goals of fiscal responsibility (we certainly don't have it in Washington), government acting in accordance with the constitution (if you are against that, please explain why), and free market (the only economic system so far found to produce prosperity) sound ok to me. Of course there will be a few toothless simpletons and conspiracy theorists coming along for the ride in any grassroots movement. Even if you disagree with those goals, I still don't understand the hatred. There are lots of things I disagree with and yet I don't feel the urge to resort to name calling, as much fun as it can be sometimes.

Re:log of 'hacked' password recovery session:

[bsDaemon]

I used to be a paid functionary of the "conservative" movement. I use the term paid loosely, though, because I made shit for money and no benefits, but was forced to write propaganda against health care reform, even back in 2007. Most of these high-profile people against health care reform, I've met. Eric Cantor, for instance, I've met on several occasions. My hatred for the movement is largely to do with my own shame in having been part of that side of the aisle and actively working against my own interest, as well as that of many, many others of my countrymen. I'm sorry for all the crap that I helped do, but I learned my lesson, left and went on to other things. Maybe hate against movment members on the streets isn't warrented like it is against the party leaders, but I feel really, really bad for them that they either can't or won't realize that they're being manipulated to work against their own interests by the rich and powerful who serve as their puppet masters.

Re:log of 'hacked' password recovery session:

[Hurricane78]

And some fanbois might mod you a troll. Been there, seen it.

Protip: Always add the disclaimer at the BEGINNING of your comment! Because morons in rage never finish reading the comment, but jump to judging as soon as their rage treshold is reached. (YOU MAKE MORON ANGRY! MORON SMASH COMMENT!)

Re:log of 'hacked' password recovery session:

[roman_mir]

i love obama

- why, is he your cousin?

and i'm 100% for common sense healthcare reform

- certainly, but do you think what was passed is actually a healthcare or a reform or it that common sense was applied?

Re:log of 'hacked' password recovery session:

yes only conservatives have "puppet masters"...libtards are too pure of intent and totally own themselves. The fact that you used to have a brain is in no way evidence you have one now you fucking slashtard

Re:log of 'hacked' password recovery session:

[clarkkent09]

Hmm, so what you are saying is that that you were on the "wrong" side once, and now you are on the "right" side and you are angry that you were made to do dirty work for the wrong side. You are not actually giving any reasons for why one site is right and the other is wrong. If you think carefully about what is really in your long term interest, you will come to the conclusion that it is more economic liberty (which historically means more prosperity for everybody) rather than more government control (even if you are a temporary beneficiary of it). You won't have me arguing that the Republican politicians aren't corrupt, of course they are. But, so are the Democrats. You are the one who wants them to have more power over our lives, not me.

Re:log of 'hacked' password recovery session:

[bsDaemon]

Yeah, a lot of Democratic leaders are total schmucks as well. I just don't have personal experience with them directly. I met Obama briefly at one point and he seemed OK. I did vote for him, and I voted for Warner for Senate here in VA, though I voted for a Republican for Congress, because I'd met him a few times, felt him out (not up), and figured he was OK. But let us just put aside the leaders for a minute and say that I seriously doubt members of Congress are responsible for acts of domestic terrorism by the "tea party" Anarchists, on principal, would need to be against this bill as well, but they're not the ones (by and large) calling in death threats, taking shots at congressmen's district offices, etc. Although, the congress critters really aren't helping things at all with their over-the-top and, frankly, irresponsible rhetoric.

Re:log of 'hacked' password recovery session:

[tehcyder]

If you think carefully about what is really in your long term interest, you will come to the conclusion that it is more economic liberty

What you don't understand is that most people are not driven by economics or the love of money for its own sake, and so would prefer a reasonable social care system at the expense of some infringement on the pure free market.

Fake?

[moosesocks]

Wouldn't it be fairly trivial to fake those screenshots?

Re:Fake?

[Culture20]

It wouldn't be trivial for him to fake the system logs at twitter central which will definitely be subpoenaed. He'll have his proof that he hacked the account soon enough.

not hacked

[vxice]

just because you guessed a password does not mean you 'hacked' into anything.

Not "hacking"

[bsDaemon]

I don't even see how this can be dignified as "hacking" -- it's not even "script kiddy" in its complexity. If this weren't the President then I doubt it would even be news at all. But is the account even actually Obama's in the sense of, he actually takes the time to post on it himself? Doesn't he have a country to run or something?

Re:Not "hacking"

[Sleepy]

Exactly.

There's a lesson to be learned here... for Facebook and for the controller of the Obama twitter account.

The lesson LOST is all the clueless posters saying "this is like breaking down a bank vault door" and other nonsense which demonstrates a lack of understanding of "virtual". These are the same people who equate borrowing a friend's CD with armed robbery of a the artist's bank. It's no use correcting these people when they're knowingly being obtuse as a "talking point".

Re:Not "hacking"

[Petron]

People don't understand what hacking is... They think it's some person in a dark basement typing lines and lines of code.

Hacking is getting access to a system that you wouldn't normally have access to. Hacks have many levels of complexity. From Script kiddy (gaining access from diddling with minor changes to scripts/code) to extremely complex. This person was at a minor level of hacking, but he did gain access to a system he wouldn't normally have access to.

Think of it this way: Stealing can mean somebody taking a piece of petty candy (worth a penny), but people who think of thieves tend to think of guys in black masks breaking into houses...

Re:Not "hacking"

[Dahamma]

Exactly! Some of the most "notorious" hackers used "social engineering" more than anything else to hack into computer systems. Just like in this Twitter example, people are usually the weakest and simplest point of access...

Re:Not "hacking"

[clone53421]

Actually, what you are referring to is “cracking”.

“Hacking” is taking something and making it do something it wasn’t meant to do. It could be perfectly within the realm of legality, or it could be illegal. It depends on what you are doing.

Re:Not "hacking"

[esmrg]

It certainly qualifies as "hacking". See, it's the quotes that modify the meaning. For example, If you were to buy something with inkjet prints or photographs of dollar bills you could say: I tried to buy this candy bar with "money", and they turned me away. Or "sex" in place of masturbating in front of your monitor. Or Nickelback as "music". I could go on.

Re:Not "hacking"

[Petron]

So hacking the Gibson, isn't hacking at all, since you aren't taking something and making it do something different

Digital trespass is not hacking.
Writing a virus that sniffs out bank account numbers returns it to you isn't hacking either (You are making something and its' doing exactly what you want it to do)...

There are legal forms of hacking and illegal forms of hacking, that's not the issue. Hacking is a broad term used for many activities. People just tend to narrow it down to the one specific stereotype and try to recatogorize non-stereotype activies as something else... Like "shoplifting isn't theft... it's a misdemeanor while theft is a felony." (Not true, Theft can be be either depending on what was stolen)

Re:Not "hacking"

[clone53421]

Using any scripting or programming language to do something illegal is pretty much always “making it (the scripting language) do something it wasn’t meant to do” ... by definition. So yes, writing a virus or trojan is “hacking” as well as “cracking”. In fact just about any particularly clever bit of code is considered a “hack”.

But no, taking a cookie-cutter virus, trojan, script, or what-have-you, tweaking a few things, and then sending it out into the wild isn’t “hacking”. It’s just “cracking”, and people who do this are called “script kiddies”, not “hackers”.

Re:And this is why we ONLY SERVE FREEDOM FRIES !!

This is France. Since you don't like our language, we'll be taking it back. Please remove the word 'language' from your post. Merci.

"Hacked" is way too much.

[ThePangolino]

Way too much! Let me also suppose the poor guy will get sued and maybe jailed for what he did. The thing I wonder is what will happen if my Twitter account was """"""hacked"""""" like this? Will it deserve a story in Slashdot?

Re:"Hacked" is way too much.

[iPhr0stByt3]

I was thinking the same thing. Although I think the guy should be prosecuted for exploiting the weak system, I also don't think anyone would give a hoot if John Doe's twitter got hacked. But it's not surprising to see this is the news.

Password recovery methods are stupid

This is why I type a huge string of random gibberish into those stupid "Password Recovery" sections that ask me questions that any person that does any amount of research into my life can figure out.

Those things are stupid and the fact that so many sites still use them is completely stupid.

too obvious..

[TiggertheMad]

Why even include anything that relates to your mothers name? Why even give attackers that much? Just provide a 30 character string of random characters. It's not like anyone actually checks that your mom isn't named 'DFER%$^YBNSwerwer4r67786^##$%#%GFH'...

Re:too obvious..

[commodore64_love]

And what happens when you forget your password, or the system randomly decides to ask for your mother's maiden name. You have no idea what those random characters are.

BTW for what's it's worth, I use my GRANDmother's maiden name in the "mother's name" question. If I was president someone might know that bit of trivia, but for me? Nobody knows. My grandmother hasn't been a maiden since 1910, and since the town records burned to the ground, it would be very difficult to find.

 

Re:too obvious..

[Yetihehe]

If I forgot my password, there is very high possibility that I also forgot this complicated answer. Happened to me once.

Re:too obvious..

[Captain+Splendid]

My grandmother hasn't been a maiden since 1910

Suuuure she was. Pretty damn 'lively' from '07-'09 if you consult the outhouse walls.

Re:too obvious..

[Applekid]

Why even include anything that relates to your mothers name? Why even give attackers that much? Just provide a 30 character string of random characters.

Yo, I heard you like passwords, so we're going to protect your password with another password.

Re:too obvious..

[cmiller173]

That's a great idea! I'm off to the hall of records with a box of matches!

Re:too obvious..

[ircmaxell]

Well, why ask for anything then? Why not just send a secure token to a recorded contact point (Such as an email address or a phone number or a snail mail address)? Then require that token to reset the password?

Re:too obvious..

[pixelpusher220]

nah, just post your favorite pets name, favorite band, first car, high school attended, full name, address and social security number here and I'm sure we'll have her maiden name figured out right quick! ;-)

Re:too obvious..

[flabordec]

It's not like anyone actually checks that your mom isn't named 'DFER%$^YBNSwerwer4r67786^##$%#%GFH'...

My long lost brother!

Re:too obvious..

[BobMcD]

And if that password controls the email account?

It kind of needs to start somewhere...

Re:too obvious..

[smashin234]

Very few times I will say this, but very occasionally a comment makes me spit out whatever I am drinking all over the keyboard, and you sir did it. Congratulations sir, now I must be off to clean off my main keyboard..

Re:too obvious..

[Captain+Splendid]

Thanks, you're my first!

Re:too obvious..

[tomhudson]

maiden == virgin. (maidenhead - aka the hymen - still intact)

Re:too obvious..

[metacell]

My grandmother's name is Hilda'); DROP TABLE accounts;--

Re:too obvious..

[tehcyder]

If I forgot my password, there is very high possibility that I also forgot this complicated answer. Happened to me once.

If you can't remember the name of your favourite pet or band, I'm not sure it's wise to be using the internet at all.

Re:too obvious..

[NotBornYesterday]

'07-'09 ... wow, that's recent.

it is simple morality

[circletimessquare]

that if you transgress against someone else, you are the problem

for example: if a bag of cash is sitting wide open and unguarded just inside an open door, you have absolutely 0% right to take it, and you are 100% to blame for the theft: YOU took it, no one told you to. your own poor decision making is the key

no matter how horrible or nonexistent someone's defenses, when you transgress against them, you are a criminal, you are 100% culpable, you have no excuse, you should be punished, and your morality sucks. plain and simple

sure, people SHOULD have good defenses. mainly because of all the immoral assholes out there. but even that you knew there were a lot of immoral assholes out there and their behavior is pretty predictable, none of that excuses the actual immoral assholes and their behavior. but another way: stupid is bad, but evil is always worse

so you need good defenses, but when you are transgressed against, the question of the quality of your defenses is completely besides the point: the immoral asshole needs to be punished

Re:it is simple morality

[NotBornYesterday]

The fault of the transgression lies with the transgressor. But in a world known to be inhabited by morally flexible individuals, it is reasonable to expect people to secure themselves and their property to some degree, and to continue to take reasonable actions to avoid/deflect/counter attacks by the unscrupulous.

For example, take this other discussion. People are still taking a lax attitude towards PC security despite known risks. Obviously, the spam is a direct result of the spammers's actions. However, knowingly allowing yourself to be insecure is asking for trouble, and it does contribute to the problem.

How?

[iprefermuffins]

I'm a little confused how this guy's "hack" worked as described. I just checked Twitter and it doesn't have password recovery questions. And the "forgot password" form offers to send a password reset link to the email address associated with the account, so it's not going to be a way in unless you have access to the email too.

notice the last sentence in my comment

[circletimessquare]

(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some tea party morons out there might actually take my joke seriously)

thanks to your comment, a revision is in order:

(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some t^He^Ha^H p^Ha^Hr^Ht^Hy^H morons who comment without reading out there might actually take my joke seriously)

Re:notice the last sentence in my comment

[Dahamma]

I thought the tea party movement was just a bunch of morons. Then I read this:

http://www.huffingtonpost.com/andy-borowitz/teabaggers-new-cry-mrs-ob_b_508683.html

Now I think calling them that has just been an insult to morons.

Re:notice the last sentence in my comment

[cyberchondriac]

Umm.. you're the moron. Borowitz's blog is a joke. Literally. He's a comedian and writer, not a journalist.
Look again, it's under the "Comedy" section of the HuffingtonPost.
The only thing the tea party is against from what I've read is that Michelle Obama wants to take away "Happy Meal" toys and their ilk because they "encourage" children to eat poorly. It's not so much the crappy toys, it's the parent's who are too lazy to cook, and drive their kids to a fast food place that are to blame. And of course, all the HFC in everything. Maybe.

Re:notice the last sentence in my comment

[cyberchondriac]

And clearly you didn't get *my* sarcasm either.

Gee, see how easy that is to do?

Question based security

[wisnoskij]

Everyone already knows that question based security is not safe.

The news here is that the POTUS is not following basic security measures to keeps his accounts safe.
Which he really should be.

Re:Question based security

[istartedi]

POTUS didn't make the policy. It's a Twitter account, so I assume this is what they do when you forget your PW.

Now, even if somebody got total control of the POTUS Twitter account and started posting all kinds of outrageous crap, we'd figure that out pretty quickly and lay the blame where it belongs--Twitter.

Should they have better security? Maybe. It's not the nuclear football though. One-time pads with armed guards and officers turning keys simultaneously is just a bit of overkill for a web site where you post your golf scores.

Re:Question based security

[wisnoskij]

But no one needs to answer the questions honestly.
He should of put random strings for the answers to the security questions.

Wrong

[aepervius]

If my lock at my door is poor, I may have problem getting money back from the insurance, but for the law, you entering my home it by using a replacement key wills till be considered "breaking and infringing upon my property". It isn't different here.

Wanker

[Capt.DrumkenBum]

After he got access he should have used Twitter to declare war on Vatican City.
Size: 0.17 sq. mi. (0.44 sq. km)
Population: 783 (2005 census)
Location: Rome, Italy

Re:The details of the case confirm your point

[m.ducharme]

Nuclear launch code?
12345

What?! I have the same code on my luggage!

PGP Signed Info

[al0ha]

Unless an electronic communication is PGP signed it should never be trusted so use of Twitter by all Twits, especially POTUS, is ridiculous as it is completely insecure and unverifiable.

Next Kevin Mitnik

[iPhr0stByt3]

Consider Kevin Mitnik. He was truly a technological wiz. But according to his books, a majority of "hacks" were non-technical. I see the above case as just another social engineering exploit.

To address some of the above comments: Just becuase the victim or even twitter itself made it easy to gain access, that does not make it legal and the offender should be prosecuted. That being said, I personally often do not provide real answers to password recovery questions, because none of the questions available are difficult enough. And if I can pick my own question, I typically just provide a hint for the actual password that only I would understand.

and this is...

[dos4who]

True hacking. Just to see if it can be done; not to do anything malicious. Even though it ranks low on the evolutionary scale as far as hacking is concerned, good work, kid :)

His password:

[jjohn]

pre$ident

Missed Opportunity...

[fahrbot-bot]

He did not actually tweet as POTUS, but just wanted to show he could break into the account.

Unrealized Tweet: Yes I can.

i'm not excusing poor security

[circletimessquare]

i'm attacking the concept that the victim is to blame for a transgression, which is demonstrated in the grandfather comment in this thread

for example: she was drunk and skimpily dressed, so she deserved to be raped. he had no antivirus, so he deserved the trojan keylogger, etc. yes: you can take, or fail to take, certain actions which increase your chance of falling victim to immoral assholes. however, the immoral assholes are always to blame, regardless

as soon as you lose personal accountability, as soon as you start blaming victims, situations, or other obfuscations, you lose all morality. you are responsible for making poor choices in your life. and when you do, there will be consequences, no matter how much you whine "the devil made me do it", and age-old variations thereof

Just stop it - blame goes both ways

[MobyDisk]

Just stop this false dichotomy. Let me quote some excerpts from several posts above...

Yes, blame the victim. You didn't install triple deadbolts on your door.

Having a security question that is easily guessable is like leaving your car door unlocked.

I don't see why the fact that it is a computer system means that there is suddenly nothing wrong with the actions of the person deliberately breaking in.

If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime.

We keep arguing over whose fault it is when someone breaks in. The reality is that all of the above points are right, and sometimes it can be both people's fault. There's nothing wrong with assigning blame to both parties.

If someone breaks into another person's home, car, twitter account, bank account - that person is to blame for it. But if the person secured their home, car, twitter account, or bank account with a post-it note that said "Don't enter here unless you know my mother's maiden name" then they are also to blame. And if someone designs a system where that is the only way to secure it, then they are also to blame.

The reality here is that people will always try to break into things. So it is the other two who have the responsibility to fix the problem: the end-user must demand better security, and the engineers must supply it.

What Obama's Security Question Should Have Been

[GoodNicksAreTaken]

His security question should have asked where he was born. A huge portion of the population of the US still can't figure that out :)

that's kind of funny

[circletimessquare]

considering the fact that

1. vitriolic hatred is pretty much all of the tea party consists of,

2. sound fiscal responsibility is finally what this health reform delivers,

3. health care security is unconstitutional only in creative crackpot legal arguments,

4. and free market principles do not answer every question in life (as the 2008 meltdown demonstrates: you need strong government regulation to keep the markets healthy)

a capitalist society with social safety nets is clearly and obviously superior in every measurement to the social darwinism i hear you advocating, even if you don't realize that is what you are advocating. free market fundamentalism died in 2008, i guess you didn't get the memo

Re:that's kind of funny

[CorporateSuit]

1. vitriolic hatred is pretty much all of the tea party consists of,

Incorrect. It's frustration, not hatred. Frustration is the fruits of tolerance being pushed past its limits. Hatred is the fruit of intolerance. Democrats show hatred toward the tea party. The tea party shows frustration toward the Republicans and the Democrats. Republicans just haven't caught on to that yet.

2. sound fiscal responsibility is finally what this health reform delivers,

Trying to equate what they passed off as "health reform" with fiscal responsibility is like dividing by zero. It's not possible with even the most brainwashed imagination. Look at the current deficit and tell me congress knows what fiscal responsibility is even supposed to mean. Fiscal responsibility is not the responsibility to tax away problems, or force citizens to purchase healthcare.

and free market principles do not answer every question in life (as the 2008 meltdown demonstrates: you need strong government regulation to keep the markets healthy)

You need MINIMAL government regulation to keep the markets healthy, not STRONG government regulation. "Business-like practices" should be enforced, but it is rarely in the government's interest to regulate their biggest contributors. It is always in their interest to pick on their non-contributors and rivals to their contributors, however.

Re:that's kind of funny

[clarkkent09]

1. vitriolic hatred is pretty much all of the tea party consists of

Care to elaborate? Hatred of what exactly?

2. sound fiscal responsibility is finally what this health reform delivers

That is a laughable statement and really not even worth responding to. I guess I could say wait a few years and see, but if you haven't learned from the fact that every attempt so far to solve fiscal problems by more rather than less government involvement has only made the problem worse then you won't learn this time either.

3. health care security is unconstitutional only in creative crackpot legal arguments

I didn't say that the health care bill is unconstitutional, although we'll leave it to the courts to decide that, shall we.

4. and free market principles do not answer every question in life (as the 2008 meltdown demonstrates: you need strong government regulation to keep the markets healthy)

No but historically the free market answers a hell of a lot more questions correctly than central control. 2008 meltdown demonstrates nothing of the sort. We already had strong government regulation when it happened, which I would say was the reason it happened.

a capitalist society with social safety nets is clearly and obviously superior in every measurement to the social darwinism i hear you advocating, even if you don't realize that is what you are advocating. free market fundamentalism died in 2008, i guess you didn't get the memo
 
I realize exactly what I am advocating but I don't think I can say the same thing about you. A capitalist society with government control of as large portion of the economy as we already have cannot even be truly called a capitalist society. I agree that the safety net should be provided but only for the unfortunate and not for the irresponsible.

Re:that's kind of funny

[tehcyder]

No but historically the free market answers a hell of a lot more questions correctly than central control. 2008 meltdown demonstrates nothing of the sort. We already had strong government regulation when it happened, which I would say was the reason it happened.

Whatever you're smoking, I want some.

you CAN avoid the obvious

[flahwho]

In cases where a website's "security" question is required of me, I often use an ANAGRAM or more often spell the answer BACKWARDS.

Re:you CAN avoid the obvious

[karnal]

Don't you mean you often spell the answer SDRAWKCAB?

Security Questions Considered Harmful

[RAMMS+EIN]

In case anyone wasn't convinced already, this shows that security questions are a bad idea. Simply stated, they introduce more points of failure into the system, and it's the weakest one that determines how easy the system is to defeat. In short, you can not make the system more secure by providing another way to gain entry.

Of course, security isn't only about keeping the bad guys out, but also about letting the good guys in. I guess that is what gave rise to security questions: to give you a way to gain entry if you forgot your passphrase. But even then, I don't see security questions as a good solution. I like the established method of "provide what authentication credentials you do have, and we'll send you a new passphrase by a method we agreed on earlier" better.

Whatever happened...

[kenh]

...to the kid that "hacked" (and I use that term loosely) into Gov. Palin's Yahoo email accounts? Was he ever convicted? He was a domestic offender, this is a foreign offender, but seems fairly similar to me...

Also, as President, all communication is supposed to be archived, is the Gov't archiving all of them?

i love obama

[circletimessquare]

because he represents badly needed progress for my country

me and the rest of the more level-headed and more lucid and clearly much larger majority in this country will drag the fringe minority of howling morons on the right into the 21st century, and up to the obvious and uncontroversial (unless you are a moron) standards enjoyed in the rest of the industrialized world

and this healthcare reform is clearly more fiscally sound than the status quo that existed before this legislation was signed on tuesday. do you honestly believe otherwise?

Re:i love obama

[roman_mir]

because he represents badly needed progress for my country

- I will ask you then, do you honestly believe that? He is not giving you 'change you can believe in'. This is not it. This is not a health care reform, this is not health insurance reform. This is some new regulations, that's it.

You will have these benefits, I give you that: no rescission, no ability for an insurance company to deny a claim or to deny coverage based on previous conditions. Those are your main benefits.

Here are the problems:

1. This is not 'the change we can believe in', this is not changing the establishment and this is not 'not playing the same old games'. This is playing same old games, this is a little bit of pocket change. Backroom deals, killing the actual reform - no public option.

2. Drug manufacturers are getting their monopoly extended from 5 to 12 years. No generics for 7 years more per drug. Prices will go higher and not lower.

3. No public negotiations with hospitals.

4. No public negotiations with drug manufacturers.

5. No import of cheaper drugs from abroad (Obama, you love so much, has personally killed this, he was very very tough on the people who supported this bill last fall).

6. Obama promised you the real change - public option, this was a lie. He lies to you, why do you love him? You are not going to get the public option. You are not even going to get a vote on it. A bill was introduced just now, to move forward with the public option. I guarantee you, they won't have a vote, they will not vote on it. Neither of the parties wants you to have this because they both are on the side of the drug manufacturers, insurance companies, hospitals etc., but they are not on your side. Why do you love them when they treat you like dirt, is it the Stockholm syndrome?

7. There was not even an attempt at the single payer. It was dismissed by Obama immediately, he said 'while it works for other countries, it is not going to work in the US'. It's not, because he does not want it, nobody in power wants it. I am not even saying it's that great, I am for a dual system, private + public, where choices are provided.

8. From politics point of view this is bad. Republicans and 'conservative democrats', all the 'blue dogs', all the corporate whores I mean are working with the corporations right now. They are working with the insurances right now. The insurance premiums will be rising, they are going to raise the premiums and they will blame the 'reform' for it. Politically this was bad, public option would have actually lowered prices in private insurances an would have saved money. This is not going to.

9. Alan Grayson proposed a 4 page bill to sell Medicare to anyone who wants it at cost. You think that will get even looked at? It will be ignored completely.

10. Do not compare this garbage with what the rest of the civilized world has. The rest of the civilized world has either public or private insurance systems and very much public health care system with a private health care system option. What you got in the USA is a lie. Another lie and once the insurance companies + Republicans are done with this, you will have less than what you have started with.

11. Should I mention the mandate? Oh yeah, the mandate that you will have now, you will have to buy an insurance package and your only choice of providers? The same guys as a week ago, nothing has changed for the better there.

Nothing has changed for the better except a few regulations that really are questionable. Corporations will find a way around these regulations, simplest of the ways is to raise premiums for everyone across the board starting immediately and then to blame this 'reform', which was not anything like a reform, and make sure that you can never fix anything for real.

You love Obama? When he is done with your reforms, a few years from then you'll look back and wonder: what the fuck, what kind of a train has just run over this place?

Re:i love obama

[kz45]

"me and the rest of the more level-headed and more lucid and clearly much larger majority in this country will drag the fringe minority of howling morons on the right into the 21st century, and up to the obvious and uncontroversial (unless you are a moron) standards enjoyed in the rest of the industrialized world"

Right. Because you know what you are talking about and anyone that has an opinion other than your own is a moron. This is the main reason why I hate the democratic party. Elitism.

If you are talking about standards, the US has the best quality of health care in the world. The problem is that not as many people have access to it.

The reason the costs are so high is because the actual fees charged are hidden from the patient (the insurance company absorbs it). If we got rid of the insurance companies (or had insurance for major surgeries only) and allowed a direct relationship between the patient and hospital, we would see a drastic decrease on overall costs. Mainly because the hospitals wouldn't be able to do things like charge $150 for Aspirin.

"and this healthcare reform is clearly more fiscally sound than the status quo that existed before this legislation was signed on tuesday. do you honestly believe otherwise?"

Pretty much every large-scale government run program is either bankrupt, inefficient, lacks quality, or a mix of all three. Just looking at the past, It's pretty easy (for an intelligent person at least) to see that a government run health care program will not work in the long run. I don't even think the US has anything that can compare to a program like this.

If the president is so convinced that everyone wants this, why don't we allow people to opt out? If I want to have private care, I now have to pay for both.

Re:i love obama

[LoverOfJoy]

2. Drug manufacturers are getting their monopoly extended from 5 to 12 years. No generics for 7 years more per drug. Prices will go higher and not lower

Hey can you point me in the direction of where you found this? I've done some searches and can't seem to verify it much less learn more about it. Is this a change via the bill that just got passed or separate issue that's happened recently?

Re:i love obama

[roman_mir]

On extending the patents from 5 to 12 years:

http://www.nytimes.com/1982/09/14/us/house-debates-bill-to-extend-drug-patent-term-by-7-years.html

http://www.milliman.com/expertise/healthcare/publications/newsletters/pa/pdfs/president-obama-pharmaceutical-industry-PA-03-31-09.pdf

The actual bill. It is hard to read, but go to the page 1869 and read it. You'll see it. But you can also read around it. Apparently all kinds patents are going to be extended, by half a year here, by seven years there, various interesting stuff.

Also look at Obama killing the bill, that would have allowed cheap drug imports from Canada or other countries.

Dorgan introduced the bill

You will find shadows of this information in the news:

how the White-house killed this bill.

Dorgan had 30 or more Senators supporting this on his side, it still ended up dead.

Obama is nobody to love.

What was the password?

[140Mandak262Jamuna]

Was it a zip code by any chance?

Why is the President using Twitter?

[CranberryKing]

Seriously. Maybe for pr crap during his campaign, but now that he's in office? If he is going to need to tweet people in any official capacity, it certainly should not be using something like twitter.

If they immediately arrested someone in France for 'hacking' into it, then I can only imagine it's because it is a medium of official business, else the consequences should be not taken any more seriously than if he had guessed my security question. I doubt police in France would respond quickly to my complaint to Twitter that someone is using my account.

He didn't guess Obama's password

[Anonyme+Connard]

Actually he used social engineering to get the Yahoo address and the answer to the linked "secret question" (date and place of birth) of an employee of twitter, so he got access to his e-mails. There he discovered that this employee used the same type of password for all his accounts (gmXXX for gmail, twXXX for twitter etc.), then he could log into twitter as an admin...

The security hole is therefore in Yahoo's system for forgotten password (too easy question), and in Twitter's policy for employee's passwords (which, since that, has changed).

Re:And this is why we ONLY SERVE FREEDOM FRIES !!

[Culture20]

This is France. Since you don't like our language, we'll be taking it back. Please remove the word 'language' from your post. Merci.

Look, I know you're French, but you surrendered too easily. Also, Mercy is spelled with a "y", not an "i". Thanks.

Unlikely

[weston]

I heard was "Let them eat cake"

Given the origin of that phrase and its usage to illustrate the complete unfamiliarity the French upper class had understanding the issues facing the poorer classes, it's hard to imagine why the current POTUS would use it.

elitism?

[circletimessquare]

i believe it is right wing fiscal policies hat protect the dear darling rich from those horrid undeserving poor people and their undeserved healthcare

why are you smearing the democrats with the label of elitism when it is clearly the right that serves the elite?

that was an awesome

[circletimessquare]

elucidation of all of the weaknesses of the new healthcare system

and yet, with all of the details you have given, and any more you want to add, ITS STILL WAY FUCKING BETTER THAN THE BULLSHIT STATUS QUO LAST WEEK: gouge you on skyrocketing rates, then deny or drop you when you claim benefits

you do understand that, right?: that it is easy to criticize any initiative in a vacuum: everything as complicated as this plan has downsides. however, when comparing the plan against the universe of your other choices, your job, in the real world, is to pick the least suckiest plan forward

government is bloated, inefficient, wasteful, and a disgusting bureaucracy. i agree with your criticisms 100%. and yet it is still WAY fucking better than healthcare corporations taking care of stockholders rather than you, and all the waste in THAT system

welcome to reality: derive your opinions considering all of your options. picking apart an option's weaknesses all by itself has no value, and so your opinion has no value

Re:that was an awesome

[roman_mir]

i agree with your criticisms 100%. and yet it is still WAY fucking better than healthcare corporations taking care of stockholders rather than you, and all the waste in THAT system

- then you missed my point entirely.

What you got now is a promise of something, don't expect it to do what was promised. Excuses, excuses. Obama did not give you change, he gave you an illusion to make you go away about this particular issue. Check mark, job done.

Except you will still have at least 15 million uninsured. Except that with insurance companies raising costs between now and 4 years from now, when the subsidies are supposed to kick in, people will not be able to afford their insurance still, just like they could not afford it before, only now it will be worse. The insurance companies just got a 'go ahead, hike up the prices now' sign for 2 reasons: 1. political (to make sure no reform is ever done again) and 2. to cover any additional costs that will actually be incurred and obviously to keep increasing the bottom line.

You did not get rid of the problem, of the cancer, you will not get rid of the cancer. Private insurance companies with no public option are the cancer, eventually death will occur.

There will be no incremental improvement of this, now this is guaranteed, the Obama check mark was put in place for health care, it's done, no more changes.

And yet, how simple it would have been just to allow anyone who ever wanted to buy into Medicare at any age at cost? Easy. The infrastructure is in place now. The original setup costs are covered long time ago by Medicare. No no no, you will not get actual change to something that is anywhere near what other countries have until you completely replace the people who are running you. I am not talking about changing Ds to Rs or just shuffling the people around inside those 2. I am talking about getting rid of all of them and starting with people who have not sold out to the corporations yet.

To do that, you have to have a meaningful reform in financing the elections, that is not going to happen. Corporations are running US, you know what political system that entails, don't you?

So no, I disagree on both, policy and politics of what you have just been sold. It is not a step forward at all, it is an illusion.

listen to all those fears and pantytwisting

[circletimessquare]

how do you get to sleep at night, knowing the bright frightening sun will visit you in a few hours? pfffft

i'll tell you what: i'll take the word of the congressional budget office, trusted by right and left, rather than fox news hysteria, that the new plan will save money

is it perfect? hell no. there are already obvious improvements discussed, and they WILL be implemented. its a living system, constantly adjusting

this legislation is simple recognition that the current us healthcare system SUCKS SHIT and needs to be comprehensively reformed. a piecemeal plan would never have worked, as it would be blocked by the do-nothing republicans and even if enacted in dribs and drabs, it would never amount to the real change and necessary systemic alterations pointed at stemming the rising tide of red we were sinking in

let's put it this way: do you defend the status quo before sunday? do you think it was acceptable? did things need to CHANGE out of simple fiscal responsible?

if your answer is yes (hopefully, if you have the slightest bit of intellectual honest about you) then i will in the spirit of intellectual honesty also say the health reform plan is flawed

but the beauty of it is: there's no going back: we've finally openly admitted things are horribly fucked up in our current system and it needs to be altered in fundamental ways. no more dithering for decades is possible, the commitment has been made, things are FINALLY getting fixed from a truly broken wasteful immoral and horribly expensive system

Re:listen to all those fears and pantytwisting

[roman_mir]

how do you get to sleep at night, knowing the bright frightening sun will visit you in a few hours? pfffft

- I am not sleeping right now, and it's 3AM.

i'll tell you what: i'll take the word of the congressional budget office, trusted by right and left, rather than fox news hysteria, that the new plan will save money

- irrelevant point. Why does this have to be budget neutral? Nothing else in US does, not when it comes to bailing out banks, not when it comes to nuclear weapons that don't help anyone, not when it comes to war. Why now? However, if you had public option or medicare buy in, you would have actually had cost cutting over time. They way it is going to happen now, are you serious? Costs will go up. Look at the drug patent issue, patents extended by 7 years. 12 years before generics can be sold instead of 5, do you believe that the prices will drop? Do you need a bridge I have for sale right here?

is it perfect? hell no. there are already obvious improvements discussed, and they WILL be implemented. its a living system, constantly adjusting

- not a chance. Not a single chance. Check mark, job done. If they wanted to, they could have had the medicare buy in right now, public option was a vote away. Obama is sold and bought. Everybody in your government is sold and bought, probably safe for a handful of people, like Ron Paul and Alan Grayson. Not a chance. You have not put a foundation in, you have a cancer - your politicians + the insurance corps. Not a single chance.

this legislation is simple recognition that the current us healthcare system SUCKS SHIT and needs to be comprehensively reformed.

- your system does suck, it needs reform. This was not it, it was a check mark. Now I expect the same checkmark for the financial 'reform'.

let's put it this way: do you defend the status quo before sunday? do you think it was acceptable? did things need to CHANGE out of simple fiscal responsible?

- let's put it this way: 1. you need change. 2. what you got is nothing that does that. There are very few things that are coming out of this that is good, end of rescission and end of denying of coverage.

That is all you are going to get, you will get nothing else. But you also will get with this rising costs, because insurance companies won, no surprise their stocks are all up. They know they won. You lost, you stood no chance. Take what you were given and say 'thank you' and be happy they didn't just shoot you in the head.

You bought their lies that something is going to be done to help you. What you got is more privatized insurance, only now it will be mandated that you have to buy it. You got more expensive drugs and 7 years of more patents on them. You got screwed and you got blinded and sidetracked.

hilarious

[circletimessquare]

so you DON'T defend the bullshit system we just thankfully got rid of. at least you got that going for you

but you DO rip apart a superior system, simply because its not EXACTLY superior according to your exacting specifications

so after a fucking YEAR of trying to get a better system, with the myriad of competing voices about what is better than our current system screaming and gnashing their teeth, of which your voice is but one voice of millions, we finally got some consensus on something that is CLEARLY better. that's how politics works, you know? but YOU STILL WON'T FUCKING SUPPORT IT, because its not superior in EXACTLY the way you deem acceptable

i think i dated a chick like you once. what an annoying hard to please bitch

Re:hilarious

[roman_mir]

I do not support this, because it is a pile of excrement. Excrement cannot be made into a nice bowl of soup that is tasty and can be eaten.

This is not superior to what was there before because it is still a pile of crap.

The cooks had all the right ingredients right at their finger tips, but they never even tried. They just crapped into the pot but sprinkled a little fresh dill on top of that dish and said: there, it's nice and healthy because there is nice green dill on top of the smelly, vomit inducing pile of crap on the dish. They said they could not prepare the dish correctly this time because it would not be possible, there are no ingredients and those that they have cannot be cooked by themselves. The stove is cold right now they said, it takes time to heat it up. Our tools are not ready, the knives are blunt.

Over time, they said, we'll be replacing a spoon of crap with very well cooked vegetables. We will replace the dish of crap with a nice vegetable dish over time by taking a spoon of crap and putting a spoon of vegetables where the spoon of crap was. We'll do this enough times, they said, your dish will taste so much better. It's just right now, when you are hungry, you have to start with little spoons of shit sprinkled with nice green pieces of dill.

So eat shit for now, thank us that it will fill up your empty stomach, hope that you don't die from it before we replace some of the shit with the vegetables.

Only you know what, they, themselves are eating the vegetables. They can cook the vegetables when it concerns themselves. They have enough tools and the fire is lit on the stove.

Why are they really doing this?

Because you still have to pay for the bowl of this dill sprinkled crap. Normally you ate uncooked raw cow tails, hooves and horns and some old corncobs. You pay for this 'extravagant' dish privately. You know that in other places people actually get normal food, cooked well and much much cheaper than what you pay, but that's your system, what can you do?

Well, you did something. You fired the old kitchen Sheff and put in a new one. He promised change, he promised to make sure that the cooks prepare good food and to make sure they do not overcharge he even promised to get the Sheff from the old charity kitchen, who always cooked well, but it was only food for people over 65, and this guy would also then cook for more of those who needed or he would train a new cook and they would do it together. But the old cooks got angry, they would be losing business and they would have to improve their pig tail dishes it seems. So they made sure, that the new Sheff and his stuff never did anything that lead to such a terrible situation. They did this with money, with promises, with lying, with blackmail and many other magic tricks, everything in their disposal.

So excuse me, if I was not satisfied with the new dish and a huge promise of the tasty vegetables that I know will never come true. But it seems like you are quite enjoying it.

Cheers.

Security Questions Do Suck

[Apple+Acolyte]

I'm glad more people are waking up the fact that easily guessed security challenge questions suck donkey balls. Most of us probably go along and give weak answers that could be guessed, worst of which is likely Mother's Maiden Name since it's almost as common a data point as one's Socialist Insecurity number. I wish more sites would implement Chase's persistent cookie check that has you authenticate with a randomly generated code that gets emailed to the account's email address on file if the cookie isn't present. Of course, that still leaves one vulnerable if the email account gets hacked, but it's better than redundant and weak security questions. I dread having to fill those out, and it's especially painful on sites that require a bunch of them.

Oh, and by the way, I love - absolutely LOVE - seeing Socialists argue about whether or not the corrupt health care takeover legislation counts as real "reform" or does not because it doesn't go far enough in completely Socializing medicine. Ah leftists, you continually amaze me. Kudos to your side on successfully infiltrating and actively undermining our country, by the way.

The Constitution shall rise again.

"This is not superior to what was there before..."

[circletimessquare]

and this is where me and the congressional budget office part ways with you

i read nothing beyond those words, as believing the system we had before this week is superior to this common sense health reform bill is clearly delusional

adios, propagandized retard

Re:"This is not superior to what was there before.

[roman_mir]

CBO said that money would be saved if PUBLIC option was implemented.

Good luck with your dill sprinkled crap dish.

Just so that you don't misunderstand, I am not eating from the same pot as you are, I live somewhere where meals are healthy and not filled with crap or hooves.

Cheers.

#1:

[circletimessquare]

you're relying on outdated cbo numbers. the latest numbers right before the bill was signed did not include the public option, and it still saved $

#2:
but btw, you're right: the public option will save $$$, adn should be implemented, and it will. single point of purchase is where price controls can come into play, and the savings will be massive, none of these corporate assholes jacking your rates and denying you benefits while doctors ring up 10 unnecessary tests just so they can get paid. its insanity. thankfully, we're on track to finally fix this fucking bullshit broken system where the poor are fine, the rich are fine, and the middle class get shafted

Not so cunning

[Issarlk]

FTA: "The man in question had no training in computers," said Mr. Coquillat. "He was just very cunning." Not very cunning since he got himself into trouble that could send him into jail.

Re:The details of the case confirm your point

[ginbot462]

Dude, everybody knows it was 00000000 for the launch code.

No, seriously ...

http://www.damninteresting.com/ive-got-the-same-combination-on-my-luggage

I like being able to write my own questions

[OrwellianLurker]

If I have to use pre-determined questions, then I have to remember the answer. If I can write my own questions, I can associate things. I rarely even use question and answers. I have some weird, completely random sentence, with a strange answer that I can easily remember.