Twitter Closes Hole After Attack Hits Up To 500K Users

← Back to Stories (view on slashdot.org)

Twitter Closes Hole After Attack Hits Up To 500K Users

Posted by CmdrTaco on Tuesday September 21, 2010 @07:55AM from the hate-when-that-happens dept.

chicksdaddy writes "Twitter closed an ugly cross site scripting hole in its Web page Tuesday morning, but not until a fast moving attack, including at least two Twitter worms, compromised hundreds of thousands of user accounts. At its height, the attacks were hitting 100 Twitter users each second, putting estimates of the total number of victims at around 500,000 according to researchers at Kaspersky Lab."

99 of 135 comments (clear)

Min score:

Reason:

Sort:

Seriously by Anonymous Coward · 2010-09-21 07:58 · Score: 5, Insightful

How complicated is it to write somewhat secure software that processes 140 character messages?
1. Re:Seriously by MobileTatsu-NJG · 2010-09-21 08:25 · Score: 4, Funny
  
  How complicated is it to write somewhat secure software that processes 140 character messages?
  Yeah, they should shorten it to 70 characters and make it twice as secure.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
2. Re:Seriously by spun · 2010-09-21 08:30 · Score: 1
  
  But there would be less entropy in 70 character messages. What they need to do is double it to 280, but require every other character to be random. Nobody could hack that!
  
  --
  - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
3. Re:Seriously by ILuvRamen · 2010-09-21 08:41 · Score: 1
  
  Maybe they hired some old Adobe employees or something. I mean features > security or even features > caution is what they hang up as a poster on the wall at most places. If you make a super simple site that JUST delivers 140 character strings between users, your marketing people's heads would explode. That's just inconceivable that you'd change and upgrade your service nonstop for no reason and add features nobody wants and that don't work.
  
  --
  Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
4. Re:Seriously by moderatorrater · 2010-09-21 08:50 · Score: 1
  
  Having to deal with XSS myself recently, I have to say that I'm not that shocked. It's really, really hard not to accidentally miss something while you're programming in HTML and leave yourself vulnerable. Google's had issues with it before, most open source solutions have had that vulnerability, and now Twitter has. In a lot of ways I'm more surprised that this is the first one they've had.
5. Re:Seriously by mark72005 · 2010-09-21 09:09 · Score: 3, Funny
  
  If they were using old Adobe employees, Twitter would start requiring you to update your system every 2 or 3 hours.
6. Re:Seriously by psyclone · 2010-09-21 09:12 · Score: 2, Informative
  
  Uh, how hard is it NOT to escape your output?
  Maybe it's difficult to sanitize all of your input, fine. So simply escape it properly on output.
  It's the same thing with SQL injection mitigation: simply use prepared statements and you don't need to worry about the user's input. (Mostly)
7. Re:Seriously by mlts · 2010-09-21 09:23 · Score: 1
  
  How about allowing for unlimited characters, but store it in a 128-bit MD5 hash? It isn't as secure as SHA-256, but it is close enough for this work.
8. Re:Seriously by Dynedain · 2010-09-21 09:46 · Score: 1
  
  Not very difficult, unless of course you put the command and control structure within the same information channel as the content, sans escaping or syntax. Then you have the nasty problem of any particular string of characters being content, instructions, or both.
  
  --
  I'm out of my mind right now, but feel free to leave a message.....
9. Re:Seriously by NiceGeek · 2010-09-21 09:53 · Score: 1
  
  "and add features nobody wants" going by the demand for url shortening services, TwitPic, TwitVid, etc, etc. It's obvious there is demand for new features.
10. Re:Seriously by lennier · 2010-09-21 10:42 · Score: 3, Insightful
  
  "and add features nobody wants" going by the demand for url shortening services, TwitPic, TwitVid, etc, etc. It's obvious there is demand for new features.
  And presumably the top of those features would be "allow messages larger than 140 characters so that we can just post the actual URL".
  With a few billion dollars and about 40 years worth of solid development, Twitter might eventually turn into some sort of simple transfer protocol for multipurpose Internet mail...
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
11. Re:Seriously by shird · 2010-09-21 11:40 · Score: 1
  
  It's nothing like SQL sanitation, unless you are using pre tags. But that doesn't allow embedded links or formatting.
  Escaping HTML is very difficult, especially when you massage the output a bit (i.e hash tags and http links). There is also unicode, %20 and &amp style notation, "double escaping" etc.
  
  --
  I.O.U One Sig.
12. Re:Seriously by Idiomatick · 2010-09-21 15:00 · Score: 2, Informative
  
  http://htmlpurifier.org/ ? I mean twitter devs could Google the problem I guess.
  
  And it isn't twitter's first security problem.
13. Re:Seriously by fluffy99 · 2010-09-21 15:07 · Score: 1
  
  After much back and forth, we figured out that they were passing the key in as ASCII bytes of the minimum key length, effectively using a 64-bit key.
  Technically they had a 128-bit key (16 x 8-bit ascii characters). Limiting the key selection to ascii characters 0-F just means they had an artificially small key space. This is only a help if the attacker knows what they did, in which case it would significantly speed up a brute force attack. Essentially the same issue with long passwords that are only lower case characters.
14. Re:Seriously by cyclomedia · 2010-09-21 20:44 · Score: 2, Insightful
  
  Alternatively as they're happy to expand the tweet metadata to include Location, Date, Time, Platform and Color-Of-Socks why not add an extra field to contain an optional Link. The link would not be printed onscreen, instead there would just be a Link icon if the tweet contained a link and the 140 characters would then still be free to describe what the link is linking to
  
  --
  If you don't risk failure you don't risk success.
15. Re:Seriously by GameboyRMH · 2010-09-22 06:11 · Score: 1
  
  And Twitter pages would be so resource-intensive they'd make Slashdot pages seem to load fast in comparison. Twitter would eventually require a "fast launch" component that pre-loads Twitter code into your RAM on boot.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
...did I miss it? by Halifax+Samuels · 2010-09-21 08:00 · Score: 1

Was I too late to the party? I tried the exploit out at about 7 hours ago (with the malicious code removed) and it never worked for me. I then went to accounts that were reported infected and couldn't get any results. Was I lucky or just unintentionally more secure somehow?
1. Re:...did I miss it? by Celexi · 2010-09-21 08:02 · Score: 1
  
  I think it was already fixed by that time.
2. Re:...did I miss it? by stepdown · 2010-09-21 08:09 · Score: 1
  
  Their post confirming it was fixed came out about that time
  
  http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched
Interesting, yet pointless by pablo_max · 2010-09-21 08:03 · Score: 5, Interesting

Really,I know a lot of people seem to be using twitter, but I just don't get it. Am I too old? Hell, I don't actually know anyone using it. At least I don't think I do.
Why are people so interested to read an internet based text message? Is it really better than reading a well thought out and reasoned article about something?
More and more I see on all these tech news sites and blogs that they heard from so and so's tweet that such and such will be released with this and this. Then, all the other news sites link to the first blog who is using twitter as a source of information.
Since when is a text message a reliable source of information?
1. Re:Interesting, yet pointless by stepdown · 2010-09-21 08:07 · Score: 4, Insightful
  
  I treat it more as an RSS feed. A lot of people use it to link to full articles, and as a means of just sharing links to information it's great.
2. Re:Interesting, yet pointless by Anonymous Coward · 2010-09-21 08:07 · Score: 1, Insightful
  
  Yet, you read and post Slashdot comments.
3. Re:Interesting, yet pointless by Anonymous Coward · 2010-09-21 08:12 · Score: 5, Informative
  
  That's not the point. Microblogging isn't blogging. Look, here's some people I follow on twitter
  1) Wikleaks - they announce new leaks and news articles about em
  2) Bands, e.g. Oceansize tweeted "People of York, be warned we are likely to be opening the doors late. There are fucktonne of problems with this venue.". 65dos also just released a free track!
  3) Comedy stuff, e.g. the chilean_miner account: "Another troubled night. Ramon was mining in his sleep again" or Jesus_M_Christ: "Mesus Christ, I got hacked? I knew it was a mistake to mouseover a link on Judas' Twitter page."
  4) Friends, who talk about their daily lives (these things interest me)
  5) Work collegues, to see what conferences they're at and what they're working on
  6) Stuff to do with the societies I'm in at uni, like student robotics organising get-togethers and pub trips.
  Try it. Follow your favourite authors, musicians, websites and so forth. It's like a huge aggregated RSS feed with stuff that isn't normally syndicated included.
4. Re:Interesting, yet pointless by rueger · 2010-09-21 08:15 · Score: 2, Funny
  
  Twitter = Facebook without all of the crap.
  
  Well, at least shorter crap.
  
  --
  Three Squirrels
5. Re:Interesting, yet pointless by Culture20 · 2010-09-21 08:16 · Score: 1
  
  Micro-blogging is not a means of logging extensive information; it's more like a party-line web-based IRC or other chat. Chat to the world, and maybe someone will be listening.
6. Re:Interesting, yet pointless by Abstrackt · 2010-09-21 08:17 · Score: 4, Insightful
  
  Yet, you read and post Slashdot comments.
  It's no fun complaining about something if no one sees or hears you doing it.
  I have a theory that this is also why Facebook and Twitter have gained so much popularity. Half the updates I see on either are complaints about work, chores, some person who won't be named but must be publicly called out on some unspecified charge and/or the weather.
  
  --
  They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
7. Re:Interesting, yet pointless by pablo_max · 2010-09-21 08:22 · Score: 1
  
  Sorry..I fail to see how slashdot and twitter are anything alike. Explain please.
  Are you saying that I can post a comment on someones twitter account that everyone else can see and then some random douche can make a comment on it? I didn't think twitter was like that at all.
8. Re:Interesting, yet pointless by Anonymous Coward · 2010-09-21 08:22 · Score: 5, Insightful
  
  No, I don't use Twitter. Yes, I see the point of using Twitter. No, I don't go around telling people how great life is without Twitter.
  I'm sure that there are thousands of fantastic services out there, both on the internet and IRL, for which I have no use, and loads of great services for which I can't even envisage a practical use.
  Another thing; your own viewpoints aren't the only ones and likely to be incorrect or incomplete when thoroughly scrutinized. Deal with it.
9. Re:Interesting, yet pointless by marcello_dl · 2010-09-21 08:23 · Score: 1
  
  Not pointless as technology, even if mostly filled with useless stuff.
  Twitter replaces a bit of email and a bit of irc in a web2.0 fashion. Which is: take internet protocols that mostly worked, enhance their functionality (when possible) and put them in a centralized webapp (the "cloud" has to do with the internals of the app's server infrastructure, so "centralized" is the right term). With all pluses and minuses of a monoculture.
  The web2.1 seems to be: instead of webapps sell apps for smartphones instead, get the user to pay for the download and gather lots of info.
  This trend suggests that web 3.0 will be known as "the big brother".
  
  --
  ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
10. Re:Interesting, yet pointless by ColdWetDog · 2010-09-21 08:25 · Score: 3, Funny
  
  Hi Gramps! Shuffleboard on the main patio in 15 minutes. See you there.
  
  Face the facts. Email is for us old people. Twitter is for, well, twits. But that's OK, the nurses are kinda cute and I like not having to get up early in the morning.
  
  --
  Faster! Faster! Faster would be better!
11. Re:Interesting, yet pointless by pablo_max · 2010-09-21 08:27 · Score: 1
  
  I guess I can see your point with the items you listed. They do seem to be valid use cases.
  I think perhaps the root of the problem is that I can't think of a single person whom I would want up to the minute updates on.
  Still...I can imagine perhaps sporting events or maybe a huge news story while I'm at work or on my mobile and don't have a proper connection handy.
12. Re:Interesting, yet pointless by Jedi+Alec · 2010-09-21 08:28 · Score: 1
  
  Yup, it's pretty much IRC, except one's future employer has been provided with a better search engine to find out all the inane crap we spouted 20 years from now ;-)
  
  --
  
  People replying to my sig annoy me. That's why I change it all the time.
13. Re:Interesting, yet pointless by MobileTatsu-NJG · 2010-09-21 08:29 · Score: 2, Insightful
  
  Is it really better than reading a well thought out and reasoned article about something?
  I like how you ask this on a site that routinely uses the term "RTFA".
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
14. Re:Interesting, yet pointless by Pecisk · 2010-09-21 08:31 · Score: 2, Insightful
  
  While Twitter is not Jack Of All Trades as Facebook claims to be for example, it is very useful tool for information freaks. It really is useful IF used properly - or complete waste of time if not. I use it to get info about lot of interesting things which I would miss otherwise. No, I don't use it for 'OMG Radiohead rulles'. I also use it for spreading information which can be interesting for others too.
  In fact Twitter IS micro blogging, so in nutshell, it has mostly those same strengths and weaknesses as normal blogging. However, it is much easier to just write small message than compose entire blog entry. So you can state a fact about traffic on road. Or result in sports game. Or anything what happens, you witnessing it and want to spread message quickly. It feels and works like sms network.
  So, again, it really depends how do you use this tool. Some companies use it to get fast and quick communication with clients when needed. They follow filters and tags and react if there is a problem.
  
  --
  user@ubuntubox:~$ stfu This server is going down for shutdown NOW!
15. Re:Interesting, yet pointless by kaiser423 · 2010-09-21 08:32 · Score: 4, Interesting
  
  Instead of having our captain for the team manage an ungodly email list for game times, updates, notifications, etc, he just has a twitter feed.
  
  That way, it's hey you're new to the team, subscribe to @MySoccerTeamName and get all the info on when/where our games are, planning for team BBQ's, etc.
  
  Because someone always changes an email, or someone gets all spam-infected and spews to the whole list or whatever and you have bounces, etc.
  
  A twitter feed is just dead simple. It's also nice for quick updates; I couldn't make the game, but the captain tweeted a 5-2 win immediately after, so I got to see it.
  
  It's incredibly nice; no need to visit a webpage or check your email or whatever, it's in a little app that everyone has on their phone or computer or whatever.
16. Re:Interesting, yet pointless by metamatic · 2010-09-21 08:35 · Score: 3, Insightful
  
  Actually, no, as a means of just sharing links to information it sucks, because you generally can't fit URLs and useful description into 140 characters--so you either have to skip describing the thing you're linking to, or you have to obfuscate the URL through a redirection service.
  Facebook, delicious.com, Tumblr etc are much better ways of sharing links to information.
  
  --
  GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
17. Re:Interesting, yet pointless by TheFlamingoKing · 2010-09-21 08:45 · Score: 2, Funny
  
  Behold, the Twitter dualism:
  1. All tweets are mindless drivel about what someone ate, the weather, and other trivialities.
  2. Your potential employer will mine this deeply personal information and use it against you.
18. Re:Interesting, yet pointless by slapout · 2010-09-21 09:03 · Score: 1
  
  "Really,I know a lot of people seem to be using twitter, but I just don't get it. Am I too old?"
  I used to think the same thing until I started playing with it. It's all about who you follow. For instance, I follow Weird Al and every couple of days he posts something funny. And it's also how I found out about a Ustream Q&A that he was doing one day. Back in 2008, I was following Leo Laporte, but instead of tech posts, I was getting commentary on the US presidential elections. So I unfollowed him. It's all about finding people who post things that interest you and then following them.
  
  --
  Coder's Stone: The programming language quick ref for iPad
19. Re:Interesting, yet pointless by istartedi · 2010-09-21 09:07 · Score: 1
  
  I can't think of a single person whom I would want up to the minute updates on
  Neither can I. That's why I don't follow anybody who tweets their poops.
  
  --
  For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
20. Re:Interesting, yet pointless by mark72005 · 2010-09-21 09:11 · Score: 1
  
  I use it to aggregate a lot of information from feeds of my choosing into one place. RSS does this as well, but the same content is not available and it's not as bite sized and scannable to me.
  
  Plus it allows me to interact, which RSS does not.
21. Re:Interesting, yet pointless by vlm · 2010-09-21 09:14 · Score: 1
  
  or you have to obfuscate the URL through a redirection service.
  I refuse to click on those, too easy to be goatse'd or rickrolled
  
  --
  "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
22. Re:Interesting, yet pointless by Quirkz · 2010-09-21 09:17 · Score: 1
  
  I use them to announce updates for my online game. Generally those updates need to be short, or details need to be elsewhere, like on forums, for lengthy discussion. It works fantastically as a way to let people know about changes.
  Technical truth is I post the update on Facebook and let it forward to Twitter. It automatically applies URL shorteners for me, making things even easier.
  
  --
  The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
23. Re:Interesting, yet pointless by sakasune · 2010-09-21 09:17 · Score: 1
  
  Is that a reference to this Penny Arcade?
  
  http://www.penny-arcade.com/comic/2008/4/23/
  
  --
  "You're arguing for a universe with fewer waffles in it," I said. "I'm prepared to call that cowardice."
24. Re:Interesting, yet pointless by Hatta · 2010-09-21 09:26 · Score: 1
  
  That explains why people post to Twitter. Why do people read it?
  
  --
  Give me Classic Slashdot or give me death!
25. Re:Interesting, yet pointless by lmr2020 · 2010-09-21 09:42 · Score: 1
  
  I'm 55 and I use Twitter daily. It's a way of catching up quickly with my friends and family without having to visit a Facebook page (which I do not use) or texting (which I also do not use). I follow my favorite musical artists and authors, support various charities and help groups, and get links to many various articles and blogs that interest me.
26. Re:Interesting, yet pointless by PRMan · 2010-09-21 09:43 · Score: 1
  
  I thought it would be interesting during hockey's free agency period, but it's caused nothing but problems. There have been more false reports this offseason than in the last 20 combined.
  
  --
  Peter predicted that you would "deliberately forget" creation 2000 years ago...
27. Re:Interesting, yet pointless by dotgain · 2010-09-21 09:48 · Score: 2, Insightful
  
  Never happened to me once. Probably got something to do with not following idiots who post such links.
28. Re:Interesting, yet pointless by koiransuklaa · 2010-09-21 10:01 · Score: 1
  
  I can't think of a single person whom I would want up to the minute updates on.
  If this is what all your friends are doing, may I suggest the problem is with them, not the medium?
29. Re:Interesting, yet pointless by josgeluk · 2010-09-21 10:07 · Score: 1
  
  Actually, no, as a means of just sharing links to information it sucks, because you generally can't fit URLs and useful description into 140 characters--so you either have to skip describing the thing you're linking to, or you have to obfuscate the URL through a redirection service.
  Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.
30. Re:Interesting, yet pointless by lennier · 2010-09-21 10:48 · Score: 1
  
  I treat it more as an RSS feed
  So why not use RSS?
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
31. Re:Interesting, yet pointless by lennier · 2010-09-21 10:50 · Score: 3, Informative
  
  Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.
  Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.
  Tim Berners-Lee cries!
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
32. Re:Interesting, yet pointless by lennier · 2010-09-21 11:01 · Score: 2, Insightful
  
  Because someone always changes an email, or someone gets all spam-infected and spews to the whole list or whatever and you have bounces, etc.
  A twitter feed is just dead simple. It's also nice for quick updates; I couldn't make the game, but the captain tweeted a 5-2 win immediately after, so I got to see it.
  It's incredibly nice; no need to visit a webpage or check your email or whatever, it's in a little app that everyone has on their phone or computer or whatever.
  All these things are sensible, but I have two major questions:
  1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?
  2. Why does it have to be limited to 140 characters? People who want publish/subscribe also want to send arbitrary files to all their friends, not just tiny snippets which can't even store a Web-standard URL. Since most people on mobile devices now use data services, there seems to be no reason to hamstring serious computer users just to keep up compatibility with a broken historical text-messaging limit.
  Pub/sub and microblogging are two orthogonal technologies. Rather, channel-oriented pub/sub is a distribution model (solving the nightmare of managing mailing lists), and microblogging is an application. We should not tie the pub/sub distribution model myopically to the microblogging application. Twitter (and Facebook) both seem to be very obviously The Right Thing To Do but equally obviously The Wrong Way To Do It . So when does the Right Thing appear?
  Have we so soon forgotten that what make the Web work was open distributed free-to-implement standards?
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
33. Re:Interesting, yet pointless by Provocateur · 2010-09-21 11:02 · Score: 1
  
  Do you post stuff yourself, so they get to follow you as well? (It is a serious question, specially since you mentioned that you don't text. I might start doing it as well but I can also text)
  
  --
  WARNING: Smartphones have side effects--most of them undocumented.
34. Re:Interesting, yet pointless by mattack2 · 2010-09-21 11:19 · Score: 1
  
  Facebook, delicious.com, Tumblr etc are much better ways of sharing links to information.
  I'm not completely disagreeing with you, but the fact that the messages just come to my phone, rather than having something I have to go out and seek, is convenient.
  Even saying that, I *do* wish I could also/instead have the tweets of each twitter user I follow emailed to me once a day. It'd be even easier to skim that way.
35. Re:Interesting, yet pointless by phorm · 2010-09-21 11:51 · Score: 1
  
  1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?
  Probably because nobody has made one, or at least not one that was as easily adoptable.
  2. Why does it have to be limited to 140 characters? People who want publish/subscribe also want to send arbitrary files to all their friends, not just tiny snippets which can't even store a Web-standard URL. Since most people on mobile devices now use data services, there seems to be no reason to hamstring serious computer users just to keep up compatibility with a broken historical text-messaging limit.
  It appears to be the standard limit for the size of a text-message... (http://www.140characters.com/2008/11/13/hello-world/)
36. Re:Interesting, yet pointless by lmr2020 · 2010-09-21 12:02 · Score: 1
  
  Yes, I also post on Twitter.
37. Re:Interesting, yet pointless by Cimexus · 2010-09-21 12:17 · Score: 1
  
  Cause most things these days offer a Twitter feed but not many offer RSS. Plus Twitter is two-way.
  I basically just use Twitter as a glorified aggregation service. News headlines from a variety of sites. My ISP's file mirror updates. Updates from bands I follow. Info from online games that I play. Half these organisations don't have RSS feeds, and even if they did, you can't communicate back to them, which is very handy. I even had a issue with my mobile phone provider sorted out via Twitter the other week - certainly beats sitting on hold on the phone for hours.
  I don't really use it for social purposes at all ... as GP says things like Facebook are much better for that. But it's basically the RSS of the 2000s.
  As an aside ... can anyone recommend a good iOS RSS reader?
38. Re:Interesting, yet pointless by Fex303 · 2010-09-21 12:38 · Score: 1
  
  1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?
  Because the folks at Twitter made it, and seem to want it that way. Not ideal, but if it had been launched as a protocol it would be basically impossible to get updates and tweaks happening. There's probably a lot more to this, but basically it boils down to the fact that VC sponsored ideas are not likely to become protocols.
  
  2. Why does it have to be limited to 140 characters?
  This seems arbitrary, but it's a key part of why Twitter is good. You can't post long, boring diatribes. You have to be snappy and concise. That makes it possible to follow a bunch of people, since none of them can flood your feed with TL;DR garbage. The downside is that you can't discuss a nuanced topic or hold a decent debate on Twitter. But that OK, because that's not what Twitter is about.
39. Re:Interesting, yet pointless by bertoelcon · 2010-09-21 12:53 · Score: 1
  
  Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.
  If they are worth it then the sites can be found another way.
  
  --
  Anything can be found funny, from a certain point of view.
40. Re:Interesting, yet pointless by bertoelcon · 2010-09-21 12:56 · Score: 1
  
  That explains why people post to Twitter. Why do people read it?
  People want to feel part of a group that bitches about things they bitch about?
  
  --
  Anything can be found funny, from a certain point of view.
41. Re:Interesting, yet pointless by MrCrassic · 2010-09-21 13:24 · Score: 1
  
  Then just use a verification service to unmask the trimmed URL.
42. Re:Interesting, yet pointless by commodoresloat · 2010-09-21 13:32 · Score: 1
  
  That explains why people post to Twitter. Why do people read it?
  Who says anybody reads it?
43. Re:Interesting, yet pointless by Idiomatick · 2010-09-21 15:13 · Score: 1
  
  To be fair, the summary is still more information than a tweet. It including the title and the link is nearly 600 characters, more than 4 twits. And way more information is available in the fucking article if you chose to read it.
  
  And to add to that there are many sorted, nested comments that are ranked to enable you to find the most relevant informative posts. Most of which break the 140 character limit.
  
  None of this is available in twitter. It is not at all conducive to informative discourse nor does it provide you with the ability to better inform yourself.
44. Re:Interesting, yet pointless by MobileTatsu-NJG · 2010-09-21 15:51 · Score: 1
  
  To be fair, the summary is still more information than a tweet.
  
  To be fair, most people respond to a thread with less than 140 characters worth of unique information in the summary. It's not like we're talking about excerpts that are densely packed. Look at your own post. Here's the pertinent info:
  "Summaries and comments have more information than tweets, therefore Twitter is useless".
  All the other words were used in an attempt to defend against my inevitable rebuttal.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
45. Re:Interesting, yet pointless by sakdoctor · 2010-09-21 16:45 · Score: 1
  
  So twitter is nothing at all?
46. Re:Interesting, yet pointless by istartedi · 2010-09-21 17:32 · Score: 1
  
  Nope. Never seen it. Not surprised it was thought of before though.
  
  --
  For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
47. Re:Interesting, yet pointless by Idiomatick · 2010-09-21 17:37 · Score: 1
  
  Lol. I could point form any essay or debate into "I think that ____" but that defeats the fucking purpose doesn't it.
48. Re:Interesting, yet pointless by MobileTatsu-NJG · 2010-09-21 17:54 · Score: 1
  
  That depends on what the listener of the information you're offering is trying to gain from it.
  
  --
  
  "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
49. Re:Interesting, yet pointless by ContentCharacter · 2010-09-21 18:47 · Score: 1
  
  It's pretty useful as a simple common platform for sending/receiving short alerts, like commuter rail updates. You can also use the web URL, e.g. http://twitter.com/VaRailXpress to check for recent tweets without ever signing up.
50. Re:Interesting, yet pointless by cyclomedia · 2010-09-21 21:12 · Score: 1
  
  Seconded, If you try to follow a lot of people on twitter (in an effort to conform to some social rules and not shun people who you like) then it will become useless except as your own broadcast tool. The trick is to follow enough people who tweet at a rate such that the amount of new stuff to read at the frequency you check twitter isn't under, or over-whelming.
  There, I made it a maths problem and as such will make slashdotters interested in it.
  The good thing about twitter is that you can use it to update the world about your projects (or anything else you find interesting) and only people who are interested in what you want to say will be listening, and I think this last point is what a lot of people don't get. You are not pretentiously standing on a soapbox shouting about your life believing that the world really aught to pay attention to you (though one suspects some people are) you are only thinking out loud, and follow/unfollow allows everybody to selectively filter in a way that they wouldnt be able to do in a real life crowded place full of soapboxers.
  
  --
  If you don't risk failure you don't risk success.
51. Re:Interesting, yet pointless by Jeppe+Salvesen · 2010-09-21 21:25 · Score: 1
  
  Well duh. Or the web site you link to re-engineers its layout without providing back-compatible redirection...
  Anyhow - I store bookmarks in my bookmark collection. Twitter is mostly a way of quickly sharing and discovering ephemeral information, anyways: If I want to keep stuff, I export it from the cloud.
  
  --
  Stop the brainwash
52. Re:Interesting, yet pointless by Zebedeu · 2010-09-21 21:39 · Score: 1
  
  2. Why does it have to be limited to 140 characters?
  This seems arbitrary, but it's a key part of why Twitter is good. You can't post long, boring diatribes. You have to be snappy and concise.
  Though I agree with you, I always thought the 140 character limit wasn't arbitrary, but a limitation imposed by the fact that many people at the time were getting Twitter updates over SMS.
  I know that's why my friends and I originally got onto Twitter. At that time, mobile internet was expensive and web integration in mobile phones wasn't anything to write home about (for example, most phones wouldn't allow a background service checking your twitter feed on the internet).
  Nowadays, that's changed. I suspect that now most people are reading and posting to Twitter over the internet, especially in Europe where the SMS service was canceled due to high costs some years ago.
53. Re:Interesting, yet pointless by heavygravity · 2010-09-21 21:44 · Score: 1
  
  I agree that it is mostly pointless. However, we use it in a way that I find very useful, but only occasionally. We have an Iridium equipped aircraft that has very limited data connectivity. When we are flying it over the Arctic or Antarctic for our work, we can update people on what we are doing and seeing using Twitter and our very limited data connection on an hourly basis. That means that mom back at home (or program managers, or interested scientists, students, whatever ) can monitor what we're doing almost while we are doing it. It's an easy solution to updating people and possibly providing some interesting information in semi-real time. However, I have yet to see any other practical use for it. I don't give a rats ass about using Twitter.
  
  --
  Cuban Music MP3's - cuband.com
54. Re:Interesting, yet pointless by Smekarn · 2010-09-21 22:54 · Score: 1
  
  The reason why people (such as myself) are so quick to let everybody know that they do not care very much for Twitter or Facebook etc. is not that they feel a need to exhibit their "unique" standpoints or what ever (I personally feel it's the other way around: "Hey! Look at me! I'm hip! I use twitter and facebook! I'm with it!").
  
  I spend a lot of time bashing Facebook, Twitter and even the concept of Blogging, is because I'm so god damned tired of everyone talking about it as if it's something new! I mean come on people! There were communities and messaging clients before. Blogging? Please. It's called WRITING ABOUT STUFF and it has been done for ages, believe it or not.
  
  Of course, I can only speak for myself but this is why my blood starts boiling every time some asshat starts going "Ooh! the internet was used in a more efficient manner than it was ten years ago! This had an impact on stuff like elections or petitions!"
  
  No shit? good, NOW LET'S MOVE ON!
55. Re:Interesting, yet pointless by LordSnooty · 2010-09-21 22:57 · Score: 1
  
  Good, that must mean there's no point to Twitter then.
56. Re:Interesting, yet pointless by Jason+Levine · 2010-09-22 01:34 · Score: 1
  
  And you can read Twitter messages in an RSS feed format. However, my phone (which isn't a smartphone) can't pull down the latest RSS feed updates via SMS and let me update my RSS feed by sending an SMS message. There are different ways of accomplishing the same thing. Twitter is one way of doing it and it is an easy way for many people.
  
  --
  My sci-fi novel, Ghost Thief, is now available from Amazon.com.
57. Re:Interesting, yet pointless by Jason+Levine · 2010-09-22 01:40 · Score: 1
  
  1. If it were some kind of e-mail extension, spam would be more of a problem. There are three kinds of Twitter messages. The normal "timeline" messages of people you follow, mentions and direct messages. Spammers can't send you direct messages or appear in your timeline unless you follow them (and spamming you would get you to unfollow them quickly). They can still use mentions, but there's a limit to how many people one mention can include and Twitter has added a "Report a Spammer" tool which takes spammers down rather quickly. E-mail is a lot easier for spammers than Twitter.
  2. 140 characters is the limit because (as other's have said) you need to accommodate SMS users (like myself).
  
  --
  My sci-fi novel, Ghost Thief, is now available from Amazon.com.
58. Re:Interesting, yet pointless by m50d · 2010-09-22 02:34 · Score: 1
  
  Since most people on mobile devices now use data services, there seems to be no reason to hamstring serious computer users just to keep up compatibility with a broken historical text-messaging limit.
  You overestimate the rate at which people upgrade their phones. You may be rich, but there are plenty of folks out there using 15-year-old nokias.
  
  --
  I am trolling
59. Re:Interesting, yet pointless by LordSnooty · 2010-09-22 03:55 · Score: 1
  
  Twitter. Perfecting the art of people talking at, rather than to each other.
60. Re:Interesting, yet pointless by GameboyRMH · 2010-09-22 06:41 · Score: 1
  
  SMS is 160 characters because research determined that to be sufficient length for one thought.
  Bzzt, wrong. You do get consolation points for the warm and fuzziness of your answer though!
  SMS is 160 characters because that's the number of leftover, unused bytes in the packets that your cell phone is constantly exchanging with the cell towers, which also carry info on signal strength and other technical network info the phone and tower use to manage communications. When you send a text, it hitches a ride on one of these packets that was going to be sent anyways, and the carrier makes money. Ka-ching!
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
dupe by Anonymous Coward · 2010-09-21 08:09 · Score: 1, Insightful

This was covered in the original post this morning. Nothing new in FTA versus the comments in the other one...
Obligatory by Anonymous Coward · 2010-09-21 08:14 · Score: 4, Funny

Twitter closes hole after attack hits up to 500 000 of its users, known as twits.
Title should have been: The early bird... by Starteck81 · 2010-09-21 08:24 · Score: 3, Funny

...gets the worm and then tweets about it. ;-)

--
"There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed H
But something was gained! by spun · 2010-09-21 08:31 · Score: 4, Funny

Anything that gets Twitter to shut its damn hole is a good thing IMHO.

--
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Twitter has a hole? by LoudMusic · 2010-09-21 08:55 · Score: 1, Troll

I thought Twitter was between two holes ... ??
http://30.media.tumblr.com/hnBdf3xhZn70lld3VLy3gSBUo1_400.jpg

--
No sig for you. YOU GET NO SIG!
cost? by vlm · 2010-09-21 09:17 · Score: 1

putting estimates of the total number of victims at around 500,000 according

What if each text costs ten cents, thats $50K of revenue for the telcos. Since "everyone knows" the actual cost of service is like a million of a cent per text, thats about $50K profit for the telcos.

--
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
noscript by bhcompy · 2010-09-21 09:22 · Score: 2, Informative

And this is why I use NoScript. Sweet, sweet XSS protection with large, annoying warning when you come across one.
Why all the hate? by inanet · 2010-09-21 10:12 · Score: 3, Insightful

I really don't get the twitter hate.

I don't like facebook, but I can see its value, particularly if you manage it right and use it to share news and photos with friends and family etc. there are other valuable uses, but I use the example.

I still dont use it.

I don't use bebo, or myspace, or facepalm or crotchpunch.

Doesn't mean I have to hate on them.

I use twitter in much the same way other people have mentioned. I don't follow twitter shitters. (people who tweet constantly about inane shite) But I do follow people who provide interesting information, along with people I know and a range of news sites from aljazeera to bbc, to the NZ news site stuff, to Scientific american, and a range of others!

I follow a range of people, and I Find twitter useful because i can fire up my smartphone, pull up my twitter client and get a "snapshot of the world" and that's really what it is, any big news event happens, anywhere in the world I would probably put money on the fact I'll hear about it before anyone who isn't on twitter and isn't directly affected.
XKCD did a great comic about how people could hear about an earthquake via twitter before the actual shockwaves hit them.
but in short, if you don't want to use twitter, then don't, but all that your raging anti-twitter stance says is "I tried twitter but nobody followed me back"
so obviously you had nothing to add, therefore thank you for not using the service, you've increased its value already!

--
"This is my Sig. there are many like it but this one is mine."
1. Re:Why all the hate? by apoc.famine · 2010-09-21 13:31 · Score: 5, Insightful
  
  I had this discussion over some beers with some like-minded friends recently. What we settled on was, "When does it stop?"
  
  BBS, finger, chat, IRC, email, IMs of 90 flavors, pagers, forums, MySpace, texting, LiveJournal, Blogs, Facebook, Twitter, LinkedIN, etc...
  
  I think the Twitter hate is because you are hanging around the demographic that's largely filled its quota for "new shit that I have to keep track of". Add in our games, RSS feeds, slashdot, comics, etc., and we've filled our time on the internet. We either have to start purging old methods of communication and old pastimes, or we can't start new ones.
  
  Right now, there's a large number of us who have thriving communities in enough places that we're not interested in another. It's not just Twitter - that's just the one that we're being pushed the hardest to adopt. And for a lot of us, Twitter doesn't hold a draw. I'm sure you've found some reasons to adopt it. But I don't have time for it. I'm full up.
  
  Yet here you are, blathering on about how you use Twitter for so many things, how useful it is, blah blah blah.
  
  Does it make any more sense now why the Twitter hate? We don't care already. Shut up about it. Some of us aren't about to give up something else for Twitter, and we'd need to in order to pay attention to it.
  
  Our information bandwidth has been exceeded.
  
  The sooner you and everyone else stops rambling on about The Next Big Thing On The Internet, the sooner we'll stop hating it.
  
  (For the record, I came here to find technical details about the XSS, for although I don't care about Twitter, the details are important in the grand context of the internet. I just figured since you hadn't figured it out yet, I'd stop and point out why a lot of us hate Twitter. And your post which had nothing to do with the details of this attack is a prime example. We get it. You want to make passionate love to Twitter and have its babies. Yet you come to an article about a hack job, and instead of posting anything interesting about the technical aspects, you post a totally unrelated bit of flamebait about "Twitter Hate". That's why we hate Twitter. People doing what you just did. So if it bothers you that we hate your exciting new lover, stop posting shit about your love for Twitter when it's entirely inappropriate.)
  
  --
  Velociraptor = Distiraptor / Timeraptor
2. Re:Why all the hate? by minus9 · 2010-09-21 19:36 · Score: 1
  
  Could you rephrase that in less than 140 characters please. Nobody is going to read all that.
3. Re:Why all the hate? by Smekarn · 2010-09-21 22:59 · Score: 1
  
  It's not Twitter or Facebook we hate. I'm sure they are perfectly useful services.
  
  It's the disproportionate, misinformed hype that never seems to go away that makes me want to punch twits in the face.
4. Re:Why all the hate? by Ol+Olsoc · 2010-09-22 08:08 · Score: 1
  
  Why the hate? Twitter and F-book have made the crossover into trendiness. Listening to how awesome they are is about as enjoyable to me as posts about Lindsey Lohan's latest failed drug test. The only difference is I feel kinda sorry for her.
  I get the impression that the people who love People Magazine and OMG are the same people that think Twitter and F-Book are wonderful.
  
  --
  Why is this even on SlashDot?... Why is this even on Slashdot?...Why is this even on Slashdot?
An XSS attack? Really? In this day and age? by wiredog · 2010-09-21 10:13 · Score: 1

This is an old (for the web) type of attack. No web site should be vulnerable to this sort of thing because all web developers (including me) know to sanitize their inputs. If only in order to avoid a Bobby Tables incident

--

Best Slashdot Co
1. Re:An XSS attack? Really? In this day and age? by wiredog · 2010-09-22 00:10 · Score: 1
  
  That's the point!
  
  --
  
  Best Slashdot Co
Re:Twit of the year by techno-vampire · 2010-09-21 10:32 · Score: 1

I would have thought that this would have been more appropriate, but YMMV, and obviously does.

--
Good, inexpensive web hosting
By my calculations by ksandom · 2010-09-21 12:02 · Score: 2, Interesting

that's ~81 minutes or just under an hour and a half. When was their discovery of the issue? If that's 1.5 hours from becoming aware of the issue to closing it, it's not terrible. What time of day was it at the office doing the maintenance? Was it even in office hours when someone would be there?

--
Funnyhacks - Wierd, unusual, and fun hacks
Please explain by gringer · 2010-09-21 14:43 · Score: 1

So, twitter is a bit like IRC. Is there a web interface to an IRC server that works in a similar way to twitter? It seems a bit silly to re-invent a protocol that's like IRC, but with fewer characters per message.

--
Ask me about repetitive DNA
1. Re:Please explain by Push+Latency · 2010-09-21 17:14 · Score: 1
  
  Agreed. I was just explaining this to a friend moments before I read your post.
  
  As for the Twit-Hate noted earlier, (and in every post on /. about the service), appropriation of the octothorpe is irritating, middle-managers convinced that Twit-marketing will solve all their problems is tedious, lame Twits are... twits, but my main complaint is the irritating name. I'm just so tired of the all the irritating names... it's enough to make me start to hate he kinds of spiffy technologies that used to bring me great joy. I'm still not over the whole ''i'' thing. I'll never forget the Kindle marketing release video, how the ''i'' swims right out at you when the name dissipates to bring in the next frame. I'm just tired of it all.
It is the txt generations by SmallFurryCreature · 2010-09-21 22:52 · Score: 1

See Rudy Park, it the txt generation, which believes that instant information, no matter how shallow, is a good thing and actually faster then the old fashioned slow media... like when an aircraft crashed in Holland, twitterers were very proud that twitter reported it first. Except it didn't. The radio did.
It fits with a generation raised on txt and very short attention spans. For many, this rant is already far to long. And I say generation, but really mean a group because not all young people are twitter nuts and not all old people have escaped it. It is more of a culture. The current MTV crowd, shallow as hell but lots of meaningless info that gives the appearance of depth with actually containing any. It is CNN, they shout very loud they got the most and the latest news so it must be true despite that the actual news content is a single sentence repeated a hundred times over. Even ex-science channels got it with documentaries that are along the lines of "Shark got big teeth, see this big teethed shard which has big teeth. It is known that shark got big teeth and these teeth the shark got are big and etc etc". Yes thank you. 1 hour, 2-3 lines of zero content repeated in as many ways possible.
Twitter is for people that think every thought in their head should be instantly broadcast to the world and others who actually FOLLOW this. Don't know which is sadder. Writing about my breakfast or reading about someone elses.
BUT it is NOTHING new. Countless cafeteria's have seen similar vapid discussions. We are the chattering monkey.
I yesterday was faced with a discussion about online games for women. Is there a market? One person did not get it. SHE did not want to play games AFTER a hard day at the work... no indeed. BUT the market for that is HOME-MAKERS. NOT women with intresting jobs.
Twitter ain't for you. You got other methods of airing your thoughts including maybe not airing them at all. Some people choose differently.
Let them.
I live happily with twitter by not using it. It doesn't disturb me that someone else tweets about his bowel movements. Because it does not affect me. At least they are not loudly proclaiming about their operation in the seat next to me. MTV might be the most moronic thing ever, but I simply removed it from the list and never have to deal with it. The txt generation mostly passes me by. Why are you so upset with them?

--

MMO Quests are like orgasms:
You may solo them, I prefer them in a group.