Slashdot Mirror


Twitter #Hacked

theodp writes "Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."

12 of 111 comments

  1. Safari and Firefox by icebike · · Score: 4, Insightful

    Who reads twitter with a web browser anymore? All quarter million of these accounts?
    Or was that avenue used to gain access on a server to a password database or what?

    TFA says

    hackers gained access to Twitter's internal systems and stole information, compromising 250,000 accounts

    They then reference an advisory from the U.S. Department of Homeland Security that users disable Java on their computers.

    Maybe Twitter should follow DHS?

    This sounds like half the story. And press accounts aren't much more informative. Seems everyone is playing this java angle pretty close to the vest.

    --
    Sig Battery depleted. Reverting to safe mode.
    1. Re:Safari and Firefox by icebike · · Score: 4, Funny

      Who reads twitter with a web browser anymore?

      Did osmosis and transmission into the brain by optical cable get perfected while I was offline in the last three weeks? Can you let us in on the secret...

      Funny little thing happened while you were asleep, Rip Van Winkle. Smartphones were found under a cabbage leaf and the world rejoiced.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Safari and Firefox by 93+Escort+Wagon · · Score: 4, Insightful

      Yeah, reading tweets on a little phone screen. That's a step forward, yes it is.

      --
      #DeleteChrome
    3. Re: Safari and Firefox by tlhIngan · · Score: 4, Informative

      Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

      They'd have to be both - as in a Mac running 10.6 or earlier since Apple removed Java from the OS and blocked old versions. Heck, a couple of days ago Apple blocked ALL versions of Java (they set the minimum version to 0.0.01 above the current one - Oracle just released it that was 0.0.02 above their previous version).

      Apple basically kicked Java to the curb with Flashback - they removed their version of Java from the OS (by blocking it, requiring install of the Oracle one). And the Java plugin for Safari is disabled by default - you can enable it, but I believe it disables itself automatically 30 days later, so you have to re-enable it again.

  2. Re:Discrimination by jones_supa · · Score: 4, Informative

    At least Firefox did the right thing and doesn't run plugins automatically anymore by default, with a recent enough Flash being an exception.

  3. And The Washington Post by guttentag · · Score: 5, Informative

    A New York Times story today adds The Washington Post to the list of American news organizations whose newsroom computers were found to be communicating with computers in China on their own.

    For those keeping score:
    • The New York Times
    • The Washington Post
    • The Wall Street Journal
    • Bloomberg News
  4. "manager of network did security not specify" by bill_mcgonigle · · Score: 5, Funny

    Well, one thing is for sure - the exploit was written with a context-free grammar.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:"manager of network did security not specify" by VortexCortex · · Score: 4, Funny

      Well, one thing is for sure - the exploit was written with a context-free grammar.

      I one our free overloards context welcome for.

      Decode shift-pop order via.

  5. Re:bad things do happen in threes by VortexCortex · · Score: 4, Informative

    Protip: Right-click video, then "Copy Video URL at Current Time". Like so: https://www.youtube.com/watch?v=ET1-_PeExMs#t=116s

  6. Re:Corporate Responsibility by rwven · · Score: 4, Informative

    They DID. My account was compromised. I got an email.

  7. Rubbish by Frankie70 · · Score: 4, Informative

    If a security hole in Java running on a Twitter user's browser allowed someone to get to Twitter's internal data (i.e. not just the data of the user whose browser had Java) - then it's a security hole in Twitter.

    I think Twitter is being dishonest here.

  8. Re:Does it mean... by Tridus · · Score: 4, Informative

    Someone inside Twitter's network had Java enabled, and got attacked. Hackers are now inside Twitter and can start poking around.

    --
    -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates