Slashdot Mirror


Twitter #Hacked

theodp writes "Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."

111 comments

  1. quick and dirty programming by slmdmd · · Score: 2

    java app => cron: reboot/restart apache/jboss/tomcat : every week

    1. Re:quick and dirty programming by Anonymous Coward · · Score: 0

      I thought the same until I discovered Jetty. Never touched Tomcat with a ten foot pole since then.

  2. Safari and Firefox by icebike · · Score: 4, Insightful

    Who reads twitter with a web browser anymore? All quarter million of these accounts?
    Or was that avenue used to gain access on a server to a password database or what?

    TFA says

    hackers gained access to Twitter's internal systems and stole information, compromising 250,000 accounts

    They then reference an advisory from the U.S. Department of Homeland Security that users disable Java on their computers.

    Maybe Twitter should follow DHS?

    This sounds like half the story. And press accounts aren't much more informative. Seems everyone is playing this java angle pretty close to the vest.

    --
    Sig Battery depleted. Reverting to safe mode.
    1. Re: Safari and Firefox by Anonymous Coward · · Score: 3, Insightful

      Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

    2. Re:Safari and Firefox by Mashiki · · Score: 1

      Who reads twitter with a web browser anymore?

      Did osmosis and transmission into the brain by optical cable get perfected while I was offline in the last three weeks? Can you let us in on the secret...

      --
      Om, nomnomnom...
    3. Re:Safari and Firefox by icebike · · Score: 4, Funny

      Who reads twitter with a web browser anymore?

      Did osmosis and transmission into the brain by optical cable get perfected while I was offline in the last three weeks? Can you let us in on the secret...

      Funny little thing happened while you were asleep Rip Van Winkle. Smartphones were found under a cabbage leaf and the world rejoiced.

      --
      Sig Battery depleted. Reverting to safe mode.
    4. Re:Safari and Firefox by 93+Escort+Wagon · · Score: 4, Insightful

      Yeah, reading tweets on a little phone screen. That's a step forward, yes it is.

      --
      #DeleteChrome
    5. Re: Safari and Firefox by tlhIngan · · Score: 4, Informative

      Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

      They'd have to be both - as in a Mac running 10.6 or earlier since Apple removed Java from the OS and blocked old versions. Heck, a couple of days ago Apple blocked ALL versions of Java (they set the minimum version to 0.0.01 above the current one - Oracle just released it that was 0.0.02 above their previous version).

      Apple basically kicked Java to the curb with Flashback - they removed their version of Java from the OS (by blocking it, requiring install of the Oracle one). And the Java plugin for Safari is disabled by default - you can enable it, but I believe it disables itself automatically 30 days later, so you have to re-enable it again.

    6. Re:Safari and Firefox by sgunhouse · · Score: 1

      Sounds to me like they have found Java exploits posted to compromised accounts, at a guess. They're advising people to disable Java so that their personal computers aren't compromised as well.

      How much personal information is required to set up a Twitter account? I don't use it, but I'd guess not much. So what the hackers gained is 1/4 of a million places to post links to exploit sites - places that may have a wide audience (twitter followers).

    7. Re:Safari and Firefox by kdemetter · · Score: 1

      And how exactly is that not using a web browser? It may not look the same way, but it does the same thing: it connects to a website (using HTTP protocol), thus allowing you to browse the web. So it's still a browser.

      However, being a browser doesn't mean it has to support applets.

    8. Re:Safari and Firefox by foniksonik · · Score: 3, Interesting

      And access to any sites using Twitter OAuth credentials.

      --
      A fool throws a stone into a well and a thousand sages can not remove it.
    9. Re: Safari and Firefox by Anonymous Coward · · Score: 0

      It probably was not a coincidence that Apple blocked Oracle Java applets and Twitter announced this hack within a couple days. The G-Men were probably standing around supervising.

      In any case, it's important to remember that developer systems are much softer than the public web servers. If a hacker can find a localhost:8080 URL, you might get owned.

    10. Re:Safari and Firefox by Anonymous Coward · · Score: 1

      Yeah, reading tweets on a little phone screen. That's a step forward, yes it is.

      Originally Twitter was supposed to be a SMS broadcast service to make it easy to tell your bros you were at the bar. 140 chars = worked on your shitty 2007 dumbphone. That was a step forward.

      All the witty one-liner stuff, celebrities and politicians spewing talking-points, journalists spamming urls, etc, was an unanticipated side-effect.
       

    11. Re:Safari and Firefox by RCL · · Score: 1

      So what. If I spend at least 8 hours daily in front of a (desktop) computer with an abundant screen space (two large monitors), why should I read tweets on my mobile device(s)? When I'm commuting, I don't have much time for that either.

    12. Re:Safari and Firefox by Tridus · · Score: 1

      Yeah, and overnight all the PCs in the world vanished like magic!

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    13. Re:Safari and Firefox by Mashiki · · Score: 1

      Funny little thing happened while you were asleep Rip Van Winkle. Smartphones were found under a cabbage leaf and the world rejoiced.

      Well someone already made the point, on smartphones and that tiny ass little screen. I mean really now, as you get older that tiny screen is going to get mighty tough to look at. So tell me again, why would I want to read something in a 4" to 8" area, when I can look at it on a 22" to 27" area in much better resolution without straining my eyes.

      --
      Om, nomnomnom...
    14. Re:Safari and Firefox by Anonymous Coward · · Score: 0

      Yeah, web browsers are only for old people.

    15. Re:Safari and Firefox by Anonymous Coward · · Score: 0

      Is 140 characters too much to fit on a smartphone screen? twitter was designed to be used from mobiles.

    16. Re:Safari and Firefox by jkflying · · Score: 1

      There's an App for that...

      --
      Help I am stuck in a signature factory!
    17. Re:Safari and Firefox by Anonymous Coward · · Score: 1

      Reading tweets period is a massive step backwards. I'm thrilled we could slave to produce this "internet" you all are glued to, reading.....tweets. Awesome. Next time I'm going to engineer new lollipops, that seems to be more your (and the other tweet-consuming masses) speed.

    18. Re:Safari and Firefox by NotBorg · · Score: 2

      Who reads twitter with a web browser anymore?

      Anyone clicking a link in a Twitter keep alive e-mail. Recently they've taken a play from Facebook and started spamming anyone they think might be losing interest in their network. If you're not actively engaged with a certain usage pattern you get mail.

      --
      I want this account deleted.
    19. Re:Safari and Firefox by antdude · · Score: 1

      I read Twitter in my web browsers. I don't own a mobile phone. :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    20. Re:Safari and Firefox by icebike · · Score: 1

      If you need 22 inches to read a 148 character tweet you might as well get a screen reader to read them aloud for you. Or better yet, buy some glasses.

      --
      Sig Battery depleted. Reverting to safe mode.
    21. Re:Safari and Firefox by IANAAC · · Score: 1

      There's an App for that...

      That uses HTTP...

    22. Re: Safari and Firefox by MacDork · · Score: 1

      Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

      They'd have to be both - as in a Mac running 10.6 or earlier since Apple removed Java from the OS

      Twitter is staffed by web developers. Web developers typically use Java. I think you might be missing a third possibility.

    23. Re:Safari and Firefox by mypalmike · · Score: 1

      >> There's an App for that...

      > That uses HTTP...

      to make API calls...

      --
      There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
    24. Re:Safari and Firefox by IANAAC · · Score: 1

      >> There's an App for that...

      > That uses HTTP...

      to make API calls...

      As any web browser would do.

    25. Re:Safari and Firefox by jkflying · · Score: 1

      The entire point being that it isn't being accessed with a 'browser' that has a Java plugin.

      --
      Help I am stuck in a signature factory!
    26. Re:Safari and Firefox by Albert71292 · · Score: 1

      Who reads twitter with a web browser anymore?

      Did osmosis and transmission into the brain by optical cable get perfected while I was offline in the last three weeks? Can you let us in on the secret...

      Funny little thing happened while you were asleep Rip Van Winkle. Smartphones were found under a cabbage leaf and the world rejoiced.

      Not everyone owns a smartphone. I've never owned ANY kind of cellphone. Mainly read Twitter at the webpage on my desktop. If you want to know WHY I don't own a cellphone, it's because I'd find it an unnecessary expense. Haven't found a need for one.

      --
      "A Bird In The Hand Will Poop On Your Wrist"-Benny Hill,1982
    27. Re:Safari and Firefox by Anonymous Coward · · Score: 0

      You're missing the trend of making it dumber for the masses. We used to have chat channels with thousands of topics. Now we have one massive chat channel with thousands of hashtags. We used to have individual webpages and now we have facebook. FB is the new geocities. Come up with a lollipop that doesn't need to be unwrapped, no messy stick to use, doesn't even need to be licked because that takes coordination, and you'll be onto something.

    28. Re:Safari and Firefox by helix2301 · · Score: 1

      When they announce these hacks I would like to know how many are active accounts and not just an account with an egg and one tweet.

    29. Re:Safari and Firefox by icebike · · Score: 1

      Egg and One Tweet doesn't necessarily mean inactive. Just a listener.

      I know several people who use EOT accounts to follow breaking news, and maybe a sports team or two, but never ever add to the din of pointless babble.

      --
      Sig Battery depleted. Reverting to safe mode.
    30. Re:Safari and Firefox by hkmwbz · · Score: 1

      Smartphones don't have web browsers?

      --
      Clever signature text goes here.
  3. Discrimination by Anonymous Coward · · Score: 0

    I'm not happy about Oracle control over Java, but when Flash and Windows are (still) riddled with vulnerabilities after all these years, why has no quasi-governmental organization ever recommended that either of those be disabled or uninstalled from every computer? Only Steve Jobs took substantive, albeit indirect, steps to eliminate these obvious threats to computer security.

    1. Re:Discrimination by jones_supa · · Score: 4, Informative

      At least Firefox did the right thing and doesn't run plugins automatically anymore by default, with a recent enough Flash being an exception.

    2. Re:Discrimination by Anonymous Coward · · Score: 0

      No it's pain in the ass bullshit which decreases the security.

      If you don't want plugins don't install them.
      If you want plugins but only at certain times then enable and disable them manually.
      If you want plugins all the time just leave them on.

      But don't introduce a half-assed automagic double denial (in address bar and on plugin) that is only marginally usable for unimportant browsing by braindead people who shouldn't have the plugin at all and which otherwise for non-trivial use requires disabling other security and control functions like AdSense or NoScript, making manual about:config modifications, and restarting the browser all to load the service correctly and afterwards one has to do it all in reverse. Add temporary whitelisting if you're sadomasochistic.

      Result:
      Normal users wrongly assume someone will keep them safe.
      Serious users have to wade through nonsense which makes them more vulnerable, least of all to the simplest of mistakes.

      Fuck you Mozilla. Fuck you DHS. Fuck you Oracle. Fuck you Microsoft.

      Anyone "impressed" by federal guidance on computer security is a threat to themselves and others. Fuck you.

    3. Re:Discrimination by pandronic · · Score: 2

      Someone forgot to take their meds this morning ...

    4. Re:Discrimination by Anonymous Coward · · Score: 1

      Only Steve Jobs took substantive, albeit indirect, steps to eliminate these obvious threats to computer security.

      If by "took steps" you mean "died," then yeah you are right.

    5. Re:Discrimination by Anonymous Coward · · Score: 1

      You really shouldn't be calling other users sadomasochistic when you are running NoScript which breaks every other site. You signed up for this, so bend-over bitchboy, and take your configuration problems harder.

      captcha: virgins

    6. Re:Discrimination by Anonymous Coward · · Score: 1

      Sometimes you gotta lead by example.

    7. Re:Discrimination by Tridus · · Score: 1

      Windows is far more secure than Java these days. There aren't a lot of active "load a webpage and your computer is owned" exploits going around, unlike for Java where it's a weekly thing.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    8. Re:Discrimination by Stewie241 · · Score: 1

      Yes, and they did the right thing by allowing you to choose to still run Java. As opposed to Safari where it is blocked and they give you no indication as to how to go about reenabling it.

      There are two things here that Firefox solves better:
      1. They allow you to choose to override the denial so that you can opt to trust a particular applet.
      2. They allow you to still use Java but you have to specifically enable/trust the applets that you need, rather than it being all or nothing.

    9. Re:Discrimination by Anonymous Coward · · Score: 0

      This was the best joke I've read on /. in a long time. The next time I get mod points I am going to come back and upvote the shit out of this posting.

    10. Re:Discrimination by mypalmike · · Score: 1

      > Windows is far more secure than Java these days. There isn't a lot of active "load a webpage and your computer is owned" exploits going around

      To be fair, the typical Java exploit actually goes "load a webpage, Java downloads a Windows executable, runs it, and your computer is owned".

      --
      There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
  4. Re: Did Yoda write this? by Anonymous Coward · · Score: 0

    They meant "did not specify security"

  5. Re:Did Yoda write this? by Anonymous Coward · · Score: 0

    Speak this way, most of us do.

  6. And The Washington Post by guttentag · · Score: 5, Informative

    A New York Times story today adds The Washington Post to the list of American news organizations whose newsroom computers were found to be communicating with computers in China on their own.

    For those keeping score:
    • The New York Times
    • The Washington Post
    • The Wall Street Journal
    • Bloomberg News
    1. Re:And The Washington Post by guttentag · · Score: 0

      How was my post off-topic when the summary for the discussion ended with this?

      Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."

      Moderation abuse? Or are you going to claim the Chinese hacked your Slashdot account to mod my comment down.

    2. Re:And The Washington Post by Anonymous Coward · · Score: 2, Funny

      Begun the cyber war has.

    3. Re:And The Washington Post by GiantMolecularCloud · · Score: 1

      Or are you going to claim the Chinese hacked your Slashdot account to mod my comment down.

      How do you know they didn't?

      I wouldn't put it past them quite frankly.

    4. Re:And The Washington Post by Anonymous Coward · · Score: 0

      Shite "newspapers" are shite and of course their computer security is also shite. I wish they had disappeared entirely. Poison sold and branded as nourishment.

      Thumbs up to whoever attacked them and please don't stop (NaziGods? Fine by me. Anonymous? No problem. Lolcats? Nyaariffic. Anyone? Good).

    5. Re:And The Washington Post by quetwo · · Score: 1

      Maybe the hackers just wanted to read the news before it was re-written for Chinese consumption...

    6. Re:And The Washington Post by Tempest_2084 · · Score: 1

      Begun the cyber war has.

      The seaman looks up and maneuvers the boat toward shore. He cries out "I have waited three ages for someone to say those words and save me from sailing this endless ocean. Please accept this gift. You may find it useful!"

    7. Re:And The Washington Post by Anonymous Coward · · Score: 0

      The cyber war began with Tuxnet and the West's sanctions on Iran, their invasion of Afghanistan and Libya. China and India were just not going to sit around and let the West take over the entire world. They've been pushed into this war. If only the Western countries stopped meddling in the affairs of Middle East and North Africa and let those countries get themselves organized (yes it will take a few generations), then China and India can also leave the West alone and concentrate on their own countries and neighbors.

      And don't bother telling me that China would make war anyway. They've been demonized way too much by the American media and the amount of propaganda against China has totally brain-washed all Americans into believing the Chinese are Evil incarnate with plans to destroy America. The Chinese are much more interested in taking over their immediate neighbors rather than make war with the States, but the Americans' imperialism forces them to act otherwise.

    8. Re:And The Washington Post by Anonymous Coward · · Score: 0

      Wow, please pass whatever you are smoking onto me - it must be wonderful.

  7. Does it mean... by BitterOak · · Score: 1

    I'm having trouble following this. If I understand correctly, if I had Java disabled in my browser already, then my Twitter account is safe? It's really hard to tell from the article.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Does it mean... by mrbluze · · Score: 3, Insightful

      I'm having trouble following this. If I understand correctly, if I had Java disabled in my browser already, then my Twitter account is safe? It's really hard to tell from the article.

      If you don't have a twitter account, you're safe. This exploit was not related to what is on your browser, it was on Twitter's servers.

      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    2. Re:Does it mean... by jones_supa · · Score: 1

      Makes me still wonder why the Twitter representative started to talk about disabling Java?

    3. Re:Does it mean... by sumdumass · · Score: 1

      I'm wondering how Java led to a server being exploited unless it was a computer inside their network that allowed remote access and an attack on the servers from within.

    4. Re:Does it mean... by Anonymous Coward · · Score: 0

      If you can control a developer's computer, you can find a way to own the Staging/Test/QA layer. After that, your exploit is pushed to Prod automatically.

    5. Re:Does it mean... by Tridus · · Score: 4, Informative

      Someone inside Twitter's network had Java enabled, and got attacked. Hackers are now inside Twitter and can start poking around.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    6. Re:Does it mean... by SumterLiving · · Score: 0

      I'z gots me guns likn the 2nd amandment sez i coods. Cantz I jus shootz dem hackers insidz twitter.

  8. "manager of network did security not specify" by bill_mcgonigle · · Score: 5, Funny

    Well, one thing is for sure - the exploit was written with a context-free grammar.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:"manager of network did security not specify" by VortexCortex · · Score: 4, Funny

      Well, one thing is for sure - the exploit was written with a context-free grammar.

      I one our free overloards context welcome for.

      Decode shift-pop order via.

    2. Re:"manager of network did security not specify" by Anonymous Coward · · Score: 0

      "News" organizations that can't manage to properly report "news" even when they themselves are the "news". Skyscrapers of defecation pale in comparison to the toxic slush compressed into their heads and constantly regurgitated upon their toiletpaper.

      Wash^WRinse^WRepeat repeat repeat repeat repeat...

      So no, not entirely context-free :)

    3. Re:"manager of network did security not specify" by Anonymous Coward · · Score: 0

      It appears Twitter's manager of network... [sunglasses]... *didn't* security. Yeaahhh

  9. bad things do happen in threes by gQuigs · · Score: 0

    really slashdot? Yay for superstition..

    I guarantee that more than three organizations have been cracked in the last week.

    It reminds me somewhat of Tim Minchin at minute 2 in this video: https://www.youtube.com/watch?v=ET1-_PeExMs

    /rant

    1. Re:bad things do happen in threes by VortexCortex · · Score: 4, Informative

      Protip: Right-click video, then "Copy Video URL at Current Time.". Like So: https://www.youtube.com/watch?v=ET1-_PeExMs#t=116s

  10. WTF does by Anonymous Coward · · Score: 0

    "vulnerabilities related to Java in Safari and Firefox" have to do with twitter's "internal systems"

    sounds more like some twits with old java plugins got their passwords swiped by malware, which is nothing new these days.

    1. Re:WTF does by Tridus · · Score: 1

      "Old" as in from two days ago?

      Or maybe it's another unpatched Java flaw being used. Those are a dime a dozen.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    2. Re:WTF does by Anonymous Coward · · Score: 0

      "Old" as in from two days ago?

      Or maybe it's another unpatched Java flaw being used. Those are a dime a dozen.

      "Old" as in they haven't been updating their systems with newer Java updates, not even the one from a few days ago.

  11. Dangit China!... by Anonymous Coward · · Score: 0

    Stop hacking our S**T! We already got North Korea to worry about...

  12. And... by Anonymous Coward · · Score: 3, Insightful

    nothing of value was lost

  13. Corporate Responsibility by rueger · · Score: 0

    I don't know (or specifically care) if I'm among that quarter million users, but it would have been peachy keen if Twitter had taken five minutes to e-mail their friggin' users to tell them.

    1. Re:Corporate Responsibility by rwven · · Score: 4, Informative

      They DID. My account was compromised. I got an email.

    2. Re:Corporate Responsibility by Anonymous Coward · · Score: 0

      My account was compromised and I didn't get notified.

  14. grammar-free context!, not context-free grammar! by girlinatrainingbra · · Score: 1

    Re:"manager of network did security not specify"

    You say: the exploit was written with a context-free grammar.

    I say: the article was written with a grammar-free context!
    ;>)

  15. Re:Twitter by Anonymous Coward · · Score: 0

    All their users are by definition.

  16. Re: Did Yoda write this? by G-News.ch · · Score: 1

    actually the sentence should be "...manager of network security did not specify...", so no, they didn't mean "did not specify security".

  17. I call foul. by rwven · · Score: 1

    I call foul.

    I don't even have Java installed....and yet my twitter account was hacked due to a java vulnerability? I got one of the emails saying my account had been compromised...but according to this, that wouldn't have been possible.

    Someone's mistaken...or lying.

    1. Re:I call foul. by rwven · · Score: 1

      Also...I -only- use Chrome, and nothing else. Yet this was supposedly a Safari and FF specific problem?

    2. Re: I call foul. by Anonymous Coward · · Score: 0

      You did nothing wrong.

      Someone, or more than one person, at Twitter was hacked via Java. Accounts that were compromised may have been sending Java exploits when people viewed them.

    3. Re:I call foul. by ScentCone · · Score: 1

      You're confused. It wasn't a Java hack on YOUR computer, it was a Java hack on a machine internally at Twitter, via which accounts were snooped. Relax.

      --
      Don't disappoint your bird dog. Go to the range.
    4. Re: I call foul. by rwven · · Score: 1

      Ah! That makes a lot more sense.

    5. Re:I call foul. by rwven · · Score: 1

      *relaxes*

      Thanks for the clarification. I'm feeling a little sheepish now.

    6. Re:I call foul. by Anonymous Coward · · Score: 0

      *relaxes*

      Thanks for the clarification. I'm feeling a little sheepish now.

      Don't flatter yourself. You are way dumber than a sheep.

      Now hand over that fake-ID equivalent nerd card you made out of tissue paper.

  18. Rubbish by Frankie70 · · Score: 4, Informative

    If a security hole in Java running on a Twitter user's browser allowed someone to get to Twitter's internal data (i.e. not just the data of the user whose browser had Java) - then it's a security hole in Twitter.

    I think Twitter is being dishonest here.

    1. Re:Rubbish by prunedude · · Score: 1

      Exactly. Can someone explain how this is NOT the case?

  19. That would mean... by thetoadwarrior · · Score: 1

    How can java and safari be to blame? Unless of course an employee was surfing porn or something questionable and his PC was hijacked but I would say the problem is with twitter not doing more to protect their employee machines and network.

    1. Re:That would mean... by Tridus · · Score: 1

      According to an article here a couple days ago, online ads are more dangerous than porn. Considering how many flaws there are in Java, all you need to do is get some code on any website someone visits and you can root the machine. The idea that the Twitter user was doing anything inappropriate at all is just speculation.

      --
      -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
    2. Re:That would mean... by thetoadwarrior · · Score: 1

      I agree it is speculation and you're right about ads. But either way, I'm glad I use Linux without Java.

    3. Re:That would mean... by Anonymous Coward · · Score: 0

      surfing porn or something questionable

      Or playing those pesky computer games my mom always complained about when the computer didn't do what she wanted or as fast as she wanted.

      Everyone knows that's how you get hacked. Games, porn and 4chan.

  20. Re: Did Yoda write this? by Anonymous Coward · · Score: 0

    I think it was a joke referring to the poor security on Twitter's part, as in "Twitter did not specify security."

  21. Re:Dis crimination by Anonymous Coward · · Score: 0

    Nice to see you back, APK.

  22. Clear text passwords by drginge · · Score: 1

    It's unclear why twitter are resetting passwords. Is it simply a precaution as the password data is encrypted and useless (as it should be)? Surely in this day and age Twitter aren't storing passwords in clear text?

    1. Re:Clear text passwords by quetwo · · Score: 1

      According to their report, they were encrypted with different salt. But given enough time and computing resources. I imagine that they would go after the better known celebrities first, but you never know who would be caught in the crossfire. Expiring the passwords was a good move since even if the passwords are decrypted, they can't get into your twitter account.

    2. Re:Clear text passwords by Anonymous Coward · · Score: 0

      It would be a disaster of epic proportions if someone were to hack into some celebrity's account and start posting in their name.

      Twitter is nothing of value so hacking it produces nothing of value.

  23. Soft targets? by cabazorro · · Score: 1

    The pattern reveals media and social companies as the low hanging fruit. As long as they don't do a big hit on the 3 big ones: Apple, Google, Amazon then there is not much cause for alarm.

    --
    - these are not the droids you are looking for -
  24. Re:grammar-free context!, not context-free grammar by Anonymous Coward · · Score: 0

    You got the joke. Congratulations! /golfclap

  25. We've been hacked! by Anonymous Coward · · Score: 0

    We've been hacked because of our inability to deal with known java vulnerabilities - quick say it took advanced techniques and blame the Chinese!

    How is their head of network 'security' still in a job?

  26. Java vulnerabilities in the BROWSER? by mr_mischief · · Score: 1

    No. Internal systems that are secure do not get compromised by rogue clients.

    Could it be that someone used Java in the browsers to snatch credentials from users on their local machines? Sure.

    Could someone infect a browser and that cause Twitter's network to be insecure? No.

  27. Call me web 1.0, but... by R3nCi · · Score: 1

    This is an awfully good illustration of one of the many reasons why I don't drink the social-networking Kool Aid. I make exceptions for Goodreads and RateYourMusic, plus a few forum accounts, but that's it.

  28. Hack twitter? by Anonymous Coward · · Score: 0

    That's like having your grass clippings stolen.

  29. Prevention by Anonymous Coward · · Score: 0

    I check my passwords with tools like http://password-checker.online-domain-tools.com/ and https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx. Is there something more that I can do?