Hackers Break Into Ringo Starr's Twitter Account With Simple Password Reset

blottsie writes: Ringo Starr's account was compromised by a hacker operating under the username "af," who spoke to the Daily Dot about the breach. The hacker says he gained access to an email account associated with Doug Brasch, senior director of digital marketing at Universal Music Group, who managed Starr's Twitter account. He simply used an email password reset to gain access.

Musician doesn't know how to use computers

Wake me up when they break into Mr. Krebs' account. He really DOES something to protect it.

Email got hacked

so the real hack was the email account not twitter?

Re:Email got hacked

[LinuxIsGarbage]

so the real hack was the email account not twitter?

Exactly. If it was a "simple Password reset" it would have been:
Security question: What's your favorite band?
Answer: The Beatles.

Re:Email got hacked

I hate websites forcing Security Questions down my throat for this reason.

Re: Email got hacked

1. Randomly generate an answer.
2. Record your answer somewhere safe.
3. ???
4. Profit?

Re:Email got hacked

[arth1]

I hate websites forcing Security Questions down my throat for this reason.

Worst are those who require you to answer their questions, and not your own.

What was your mother's maiden name?
I never knew who my mother were, you insensitive clod! And if I did know, I bet that a quick search of any genealogy site would tell an intruder too.

What city were you born in?
I wasn't born in a city, you insensitive clod! And isn't town of birth public data?

What was the name of your 6th grade teacher?
People seriously remember this into their 70s?

I wonder how many of the secret answers are "FUCK YOU!", because they're either questions that everybody knows, or you don't even know yourself.

Re: Email got hacked

[invictusvoyd]

Record your answer somewhere safe.

Like a piece of paper stuck beneath the keyboard.

Re:Email got hacked

[arobatino]

Use a strong random string as the answer, regardless of what the question is, and store it in a password manager (next to the question). Then the question doesn't matter, it's only used for lookup.

What is your mother's maiden name? JbdsxnzvB31M4uW0AxVsh2gIcFHhgN
What is your favorite color? ESWKiF0J8IyZj7aZQzCjsAhGcyn4QC

Re:Email got hacked

[brantondaveperson]

But the whole point of the 'security questions', is that you've lost your password. If you're using a password manager to store your passwords already, then there's no point using it to store your answers, because then you'd have your actual password, and wouldn't need the 'security questions'.

You might as well type in random text, and not even bother to remember it, if you're going to use a password manager to store it. I hate the things too.

Re:Email got hacked

[arobatino]

You might as well type in random text, and not even bother to remember it, if you're going to use a password manager to store it.

You have to store the answers to the "security questions", because sometimes websites will require you to know them, even if you have your password. It's happened to me more than once.

Of course, they shouldn't actually be called "security questions" (since the purpose is not to enhance security, but to actually weaken it so customer service doesn't have to deal with people who forgot their password) but obviously they can't admit to that. And since they need to pretend it's about security, they also need to make it mandatory, even though it's pointless for people who use PMs and do backups regularly. We just grit our teeth and store the "security questions" in the PM, along with the passwords.

Re:Email got hacked

Nah, that would be foolish....

Answer: Rolling Stones

Re:Email got hacked

so the real hack was the email account not twitter?

Exactly. If it was a "simple Password reset" it would have been:
Security question: What's your favorite band?
Answer: The Beatles.

What security question? Don't they just send a link with a long cryptographic token in the URL path?

Re:Email got hacked

[GateGuy]

I had a credit card hacked once. The person used it to pay for a lot of crap on iTunes. When I called Apple support, the said that the credit card was attached to a different account. So when the support person wanted to validate who I was, she asked me for the answers to my secret questions. I had scrambled answers like you describe. I also always use the maximum number of characters that the field (or rule) will allow. About 50 characters into it, she said she knew it was me.

Re:Email got hacked

[omnichad]

It was an iCloud email address, but in this case, Apple's security questions were such that the answers could be found via Facebook.

Re:Email got hacked

[sudon't]

But the whole point of the 'security questions', is that you've lost your password. If you're using a password manager to store your passwords already, then there's no point using it to store your answers, because then you'd have your actual password, and wouldn't need the 'security questions'.

Right. All this extra "security" bullshit we have to put up with is because of the idiots who don't use password managers, (and password generators). It's the dumbing-down of security. I don't see how these people will ever learn if they're always having their hands held. Let them lose control of a few accounts. Then, maybe, they'll get with the program.

Re:Email got hacked

[brantondaveperson]

You have to store the answers to the "security questions", because sometimes websites will require you to know them, even if you have your password. It's happened to me more than once.

Well. That's pretty stupid. In that case I guess you're stuck, and your random answers are a pretty good idea. I don't know that most password managers actually support 'security questions' without creating a whole new entry for each one - the one I use (keepass) certainly doesn't. It's time that we used a hardware security dongle - you know, like we do with doors - to allow people into their accounts.

Re:Email got hacked

I don't know that most password managers actually support 'security questions' without creating a whole new entry for each one - the one I use (keepass) certainly doesn't.

Some password managers allow you to store description (arbitrary text) alongside the passwords. The descriptions are explicitly stored with the same level of security as the passwords themselves. Some also support using security dongles to gain access to the password database.

Re:Email got hacked

[arobatino]

Some password managers allow you to store description (arbitrary text) alongside the passwords.

That's what I do. MyPasswordSafe allows storing comment text with each entry, so I put the "security question"/answer pairs in there.

Re:Email got hacked

[MoarSauce123]

The problem are these prefab password reset questions and the logical answers people give. When asked for birth date put something in that is clearly NOT your birthday. Asked for favorite band enter your least favorite food. Although I bet there is a band called "capers".

31337

[JesseEnjaian]

When did the word "hacker" become synonymous with "being a douchebag with computers?" I missed this cultural shift somewhere.

Re:31337

[malditaenvidia]

Around the late 90's, if I recall correctly.

Re:31337

[JesseEnjaian]

Around the late 90's, if I recall correctly.

you mean IIRC

Re:31337

The FBI redefined "social engineer" as :OMG hacker!" back when they went after Kevin Mitnick. What makes you think that would be any different today?

Re:31337

As far as I'm aware it's always meant that.

It's just that until the 90's the only people with anything important accessible by computer were big businesses and the government so the douchebags could pretend to be Robin Hood class d-bags instead of The Joker class d-bags.

Re:31337

Social engineering is the diet coke of "hacking." I vote that we strip the term "hacker" from "social engineering." We already have a word for that: con-man, or "confidence trickster."

LOL, capcha "infamous." :)

Re:31337

As far as I'm aware it's always meant that.

It's just that until the 90's the only people with anything important accessible by computer were big businesses and the government so the douchebags could pretend to be Robin Hood class d-bags instead of The Joker class d-bags.

I thought a "hacker" built stuff and a "cracker" broke stuff. "Breaking into an account" would then fall under "cracking," not hacking. AFAIK, "hacking" is when you use some paperclips, a few resistors, and a perl script to turn your motherboard into a radio. THAT is hacking.

Did you circumvent encryption? Crack.
Did you come up with a no-cd game patch? Crack.

Did you figure out how to send digital files UUencode-style via SMS using a rooted iPhone? Hack.
Did you make your line printer play Christmas songs? Hack.
Did you get a MUD (multi-user domain) running on some old cable box? Hack.

To hack is to get a webserver running on some old graphing calculator, not hassling old Ringo. :(

Re:31337

Yeah but then Google would have more trouble picking up new hires from various engineering departments.

Re:31337

Acronyms are for lazy twats.

Re:31337

[DerekLyons]

Long before that, try early/mid 80's.

Re:31337

[JustOK]

Exactly. We should write out Lucifer Our Lord instead of lol. Oh, crap. I used an acronym.

Re:31337

Long, long, long, long ago. AKA the 90s. Or possibly even the 80s or 70s, but I'm too young to remember that far back.

Endless people have tried to correct the usage but it's too far gone. Some programmers/computer scientists/related (I hope most but can't be sure) get the hacker/cracker black-hat/white-hat etc distinctions, but for most people a hacker is a computer-savvy douchebag and criminal.

Re:31337

Acronyms are for lazy twats.

And tweets. Oh, wait, tweets for twats, I see what you did there!

Re:31337

[BoberFett]

I can't confirm when it started, but it reached a peak when people started swiping their friend's unlocked smartphones and posting douchey photo to the owner's Facebook page, along with the text "You've been hacked LOL!"

It's handled by a marketing droid

[93+Escort+Wagon]

I wonder how many celebrities don't even have access to (ostensibly) their own social media accounts?

Also, who cares about Ringo Starr in 2016?

Re:It's handled by a marketing droid

[Lunix+Nutcase]

Probably quite a lot of them. You don't actually think celebrities are making all those posts to Facebook and Twitter themselves, right?

Re:It's handled by a marketing droid

[ShaunC]

I dunno. If Kanye isn't making his own Tweets, he ought to fire whoever he has doing it for him.

Re:It's handled by a marketing droid

[judoguy]

Also, who cares about Ringo Starr in 2016?

Rory and the Hurricanes is as sweet a pop song as anyone puts out today.

Re:It's handled by a marketing droid

[CanEHdian]

Well at least we know Kevin Hart is doing his own tweets!

E-mail is the universal key

[shawn2772]

I occasionally run into people who don't believe they need to be very careful with their e-mail security, because "it's only e-mail, it's not like my bank account or anything". But given that virtually every other online account you create uses e-mail to manage password reset, it is your bank account. And everything else.

Use a good password on your e-mail account, and enable two-factor authentication. If your e-mail provider doesn't offer 2FA, or offers a form of it that's too inconvenient to use, get a better e-mail provider. #emailmatters

Re:E-mail is the universal key

#emailmatters

#hashtagsareretarded

Re:E-mail is the universal key

#emailmatters

#hashtagsareretarded

#isecondthis

Re:E-mail is the universal key

#irccantfunctionwellwithoutthem

Re:E-mail is the universal key

[Blaskowicz]

If you want a better e-mail provider you'll have to pay for it. If you ever get unable to pay (say, unemployment, homeless, prison, war, disease etc.) you're then at a risk of losing it all.
As for 2FA there's no way I'm giving my phone number to $email_provider :). And I have never thought yet about what happens if I lose a phone number tied to a password!

We need some way to be secure without recurring bills. e.g. using Firefox instead of IE was free at least.

Re:E-mail is the universal key

[Gojira+Shipi-Taro]

As for 2FA there's no way I'm giving my phone number to $email_provider

Well texts are far from being the ONLY way to get 2FA but beyond that, perhaps you're too paranoid to be on the internet?

Re:E-mail is the universal key

As for 2FA there's no way I'm giving my phone number to $email_provider

Well texts are far from being the ONLY way to get 2FA but beyond that, perhaps you're too paranoid to be on the internet?

sudo apt-get -install

https://help.ubuntu.com/community/AptGet/Howto
Run your own mail server. Learn it. Use it.

Re:E-mail is the universal key

[shawn2772]

If you want a better e-mail provider you'll have to pay for it.

Gmail is free, and has excellent security. Better than any paid service I've seen, actually.

As for 2FA there's no way I'm giving my phone number to $email_provider

So, don't use phone-based 2FA. Continuing with Gmail as an example, you can get 2FA via security key (a little USB stick), smartphone app, printed codes (pieces of paper you carry in your wallet), SMS or voice phone. Only the last two involve your phone number. Though I have to wonder... just what do you think $email_provider is going to do with your phone number anyway? And if you don't want them to have it, you'd better be sure you never e-mail it to anyone. Or include it in your sig.

And I have never thought yet about what happens if I lose a phone number tied to a password!

The typical smartphone is actually the worst possible case, because it's unlocked and has browsing history, e-mail, and very likely your 2FA as well. It may even contain passwords, stored by the browser or by a password keeper.

You really, really need to secure your phone with a good password, and configure it to lock aggressively.

(Full disclosure: I work for Google, but not on Gmail. I work on Android security, and I worry a lot about how valuable phones are becoming, and how insecurely most of them are configured.)

Re:E-mail is the universal key

[N1AK]

Was going to respond with most of the points made in this post, but will now just emphasise that 2FA exists in a number of formats that don't require you to give a mobile phone number. Personally I use Google Authenticator (an app on my phone), backed up by mobile phone SMS (optional), further backed up by a print out of 10 one use codes (I've used two, and keep half in my wallet and half at home).

Re:E-mail is the universal key

#emailmatters

#hashtagsareretarded

#itsapoundsignanditisretardedtoo

Re:E-mail is the universal key

[houghi]

As I have my own domain (and others here might have as well) I use a simple way of using email.
1) A spam account at gmx.com for rubbish. Many would use Google, I like GMX better, because it isn't google.
2) A fristname.lastname@example.com that is only used when I am looking for a job. If I don't, all mails will be dropped.
3) An email address for friends that will be filtered for spam
4) An email address for every website that is important to me. e.g. shlashdot.org@example.com or bigbank.com@example.com.

The last one will not only give me a way to tell if it is really my bank or not, so less possible falling for fake mails. It is also possible to see who sell their email addresses and I will drop the mailbox. Till now after several years the only company that has done this is Ebay.

All email addresses are just aliases.

Filtering into folders is done per type (e.g. mailing lists, commercial, financial, ...) by procmail

It has helped me determine if something is a fake mail from BigBank that was my bank and was done very well. As it was in the wrong folder, I knew it wasn't send by my bank and thus deleted.

I even make one that is travel@example.com for travels for that year. That way I do not need to use a different one for various hotels and restaurants I want to do reservations at or rental companies, while all stays together.

What people who do not have access to their own domain and/or unlimited aliases could still use different email addresses.
e.g. banking.name@example.net , stores.name@example.net , webistes.name@example.net.

Most places will allow 5 aliases and that should be enough to differenctiate. It will also prevent using an address like LittleHornyBitch69@example.org when you start looking for a job.

Re:E-mail is the universal key

[omnichad]

#emailmatters

#hashtagsareretarded

#itsapoundsignanditisretardedtoo

#icallitanoctothorpeyouinsensitiveclod

Re:E-mail is the universal key

[Mirar]

I use the same scheme, although I'm harder with _everything_ gets their own email address.

Small companies that look at things manually usually get confused when I fill in the email address "smallcompany.com@example.com". One even canceled an order because they didn't believe the email address. (Apologies and rebate though when I told them that yes, that's the correct one.)

I also sort every @example.com in a separate mailbox. If anyone have a good tip of a good imap server/mail reader combo that can handle about a thousand incoming mailboxes I'd like to know, so I can stop using gnus and mbox.

PGP Reset Emails

[mx+b]

I've wondered why services don't allow you to do something like add a PGP public key, and all notifications from that site are sent encrypted to that key. If someone gets ahold of your reset email, well unless they have your private key and passphase, they're still out of luck. Furthermore, legit email notices could be signed by a known public key of the site.

OK, it was a bit rhetorical perhaps, as I know not many are familiar with PGP to use it. Outlook doesn't support it out of the box so that cuts out a lot of users right there. And even people technical enough to know what its doing don't always like it.

And I guess the problem then would be people saying "I forgot my PGP passphase, please help!". So maybe it wouldn't actually solve much and still be prone to social engineering. But still. In 2016 I would have thought we'd have a better handle on privacy and security.

Re:PGP Reset Emails

...In 2016 I would have thought we'd have a better handle on privacy and security.

No amount of stupid can be cured by time alone. Until sites do more to force their users into utilizing even the most basic security practices, like not using the same password everywhere (simple solution - expire passwords at random time intervals), stupid will prevail. And I mean ALL sites, not just the important ones like financial sites. You can't fix stupid, but you can sure as hell beat it into submission.

Re:PGP Reset Emails

[Lunix+Nutcase]

simple solution - expire passwords at random time intervals

Which is itself a stupid policy and has been proven time and time again to only lead users to choosing weaker passwords, writing their passwords down, etc. so they can remember them.

Re:PGP Reset Emails

Don't allow them to set weak passwords. If you allow your users to set weak passwords, expect them to set weak passwords.

As far as writing it down goes, you're never going to stop that. I've come across users that wrote down even the simplest of passwords; forcing harder passwords is not going to change that. I don't condone writing down passwords on paper, but they are much better off writing down a hard-to-remember/hard-to-guess password than using a simple password that some douche "hacker" can easily guess or figure out with a script. Chances are that Chinese "hacker" doesn't have access to the notebook the user's password is written in. Someone that would have access to the notebook is likely to also have physical access to their computer and can do much more than just knowing a few passwords will allow anyway.

Your argument is worthless as long as we're talking about passwords. Once there is a working replacement for passwords, your argument has merit.

Re:PGP Reset Emails

[Lunix+Nutcase]

Don't allow them to set weak passwords. If you allow your users to set weak passwords, expect them to set weak passwords.

Users will set the weakest password you will let them get away with. You can try to set all sorts of arcane rules and yet users will still find ways to make weak passwords.

As far as writing it down goes, you're never going to stop that. I've come across users that wrote down even the simplest of passwords; forcing harder passwords is not going to change that.

Forcing them to constantly change their password is going to KEEP them doing it.

Your argument is worthless as long as we're talking about passwords. Once there is a working replacement for passwords, your argument has merit.

It's only "worthless" if you don't actually really care about opsec. Enjoy your users' accounts being easy to break in to.

Re:PGP Reset Emails

Don't allow them to set weak passwords. If you allow your users to set weak passwords, expect them to set weak passwords.

Users will set the weakest password you will let them get away with. You can try to set all sorts of arcane rules and yet users will still find ways to make weak passwords.

As far as writing it down goes, you're never going to stop that. I've come across users that wrote down even the simplest of passwords; forcing harder passwords is not going to change that.

Forcing them to constantly change their password is going to KEEP them doing it.

So are you saying that requiring my users to set a password that is no less than 16 characters long and requires at least 3 lowercase letters, at least 3 capital letters, at least 3 numbers, and at least 3 "special" characters, in any combination that does not contain words found in a dictionary (including words using symbol substitution such as p@5Sw0Rd), and requiring them to change it on random intervals between, say, 5 and 25 weeks (so that it is not likely to be on the same interval as some other site) to a password that has not been previously used on the account, will allow them to continue setting weak passwords? Please, do provide a few examples of weak passwords that would be accepted within those parameters.

My point is this: your idiot users that write down their passwords will continue to do so whether they can set the password once and never again or are required to change it 4 times within a year. Hell, people write down 4-digit pin numbers to their debit cards that they use far more frequently than email passwords! As long as you continue to use a password in any form, be it 4 characters or 400 characters, they will still write it down.

You seem to be implying that enforcing some kind of sensible password restrictions (even half that above) and requiring it to be changed periodically (even at regular intervals) is not any better than allowing them to just set the password as "password". Fuck it, why bother with a password at all?

Re:PGP Reset Emails

What's wrong with writing down passwords? It depends where you keep the book you write them in, or the paper you write them on. If you stick a piece of paper with your password on under your desk, who exactly is going to see it? A burglar? I have over a hundred passwords in a notebook in my desk drawer at home. They are all at least fifteen characters long, and user random and/or made up words, and numbers. Isn't that better than trying to remember 100 different passwords?

Seriously - who can access a written down password that you keep at home, except for a burglar?

Re:Who the fuck cares

[whipslash]

move along then

Sarah Palin hack

Sounds similar to the 'hack' of Sarah Palin's Yahoo email several years ago:
http://www.wired.com/2008/09/palin-e-mail-ha/

Re:Who the fuck cares

[whipslash]

No

This is what you get when...

[sudden.zero]

...Slashdot is moderated by douches that work for a company that knows nothing about Slashdot's culture! God I wish someone would by Slashdot from Dice.

Re:This is what you get when...

[rudy_wayne]

lol

Good one.

Re: This is what you get when...

...Slashdot is moderated by douches that work for a company that knows nothing about Slashdot's culture! God I wish someone would by Slashdot from Dice.

Unbelievable that we are wishing for Dice.

The new CEO promised to take and respond to feedback, seemed to go apeshit when it was posted by an AC, but is ignoring everyone else, like you.

It's a business solution, not a technological one

[Etherwalk]

I've wondered why services don't allow you to do something like add a PGP public key, and all notifications from that site are sent encrypted to that key. If someone gets ahold of your reset email, well unless they have your private key and passphase, they're still out of luck. Furthermore, legit email notices could be signed by a known public key of the site.

OK, it was a bit rhetorical perhaps, as I know not many are familiar with PGP to use it. Outlook doesn't support it out of the box so that cuts out a lot of users right there. And even people technical enough to know what its doing don't always like it.

And I guess the problem then would be people saying "I forgot my PGP passphase, please help!". So maybe it wouldn't actually solve much and still be prone to social engineering. But still. In 2016 I would have thought we'd have a better handle on privacy and security.

Because that doesn't make sense from a business standpoint.

2-factor authentication to your phone works for most consumers. For higher-value accounts of celebrities, etc..., people should be able to pay to have password resets confirmed by fedex or by phone call to their IT department/agent/secretary.

Re:Who the fuck cares

No

What a stellar new management team. Way to listen to your customers.

Was his password....

[unixisc]

.....Ob-la-di-ob-la-da?

Re:Who the fuck cares

[whipslash]

Oh we're listening. Just not to the AC posting "who the fuck cares" when the majority of comments here are actual good discussion. No one's stopping you from spewing venom from your pulpit of anonymity though so keep on keepin on

Re:Who the fuck cares

So a Z-List celebrity gets his email reset. This might have been remarkable 20 years ago, but it's not today. Why is this here again?

And it's not spewing venom, it's basically saying this isnt news very bluntly, it's barely gossip level. And calling your reply as coming off as petulant isn't venom either.

Come on, this is a glaring downgrade in the quality of story that Slashdot has been putting up lately.

Curious

[ajarin]

Wah... How could it be happen?

Re:Who the fuck cares

[whipslash]

Beatles are Z-List celebrities. Noted. And I was just saying bluntly you should move along if you're not interested. The majority of commenters here are.

Re:Who the fuck cares

[whipslash]

Good talk. See ya out there

So much for the new management

[DNS-and-BIND]

I had such high hopes for the new management, but it seems a case of "meet the new boss, same as the old boss." This isn't a story, it's not news for nerds, it's not stuff that matters. It's not even a hack. It even involves Twitter, which gives it negative points. What are we supposed to learn from this? Secure email accounts that don't belong to you? For a former celebrity who doesn't even use Twitter?

Re:So much for the new management

[whipslash]

We hardly knew ye

Re:So much for the new management

New management is obviously more concerned with having useless arguments with users and anonymous cowards than trying to restore some of the faith lost to old management. Not necessarily "same as the old boss", seems a bit worse. Business as usual... with the added bonus of go-fuck-yourself-if-you-don't-like-it.

Sadly, unsurprising.

Re:So much for the new management

[whipslash]

No I've been logged in all day. To declare your hopes dashed because of a story, or a few stories, that you don't think fit the ethos of the site is a little premature. We are working on it. It's only been a few weeks. Give us time.

Re:So much for the new management

[whipslash]

That's not what I'm saying. I am just saying if someone voices their opinion with the subject line "who the fuck cares", I'm going to put less weight on that than someone who voices it thoughtfully. The OP in this thread was more thoughtful than some other commenters.

Re:So much for the new management

Premature? Maybe. But after a response that equates to "if you don't like it, fuck off with you", I'd say his hopes are rightfully dashed.

Re:So much for the new management

[whipslash]

My intention is for it to equate to, as I've said multiple times, "we hear you and we are working on it.. Bear with us while we improve." I read criticism all day long, be it founded or unfounded. We hear you. We are working on improving. Rest assured I read every single comment. I just think energy might be better served with a productive discussion on the story, or discussing another story you actually like. Your gripes about editorial are well noted at this point and I am working with editors.

Re:So much for the new management

[DNS-and-BIND]

Well, you fired those two worthless losers when you arrived, which was a great breath of fresh air. There's still one left, who apparently thinks that the word "hack" plus the word "Twitter" equals "Slashdot story". How many weeks do you need to stop posting stuff like this? I volunteer to start picking out stories instead of timothy. I'll do it for free, too. As a bonus, my stories will not repeat themselves in the same 24 hours, I will use a spell checker, and I will explain unfamiliar concepts and acronyms in the article.

I was really hoping we would cover Madeline Albright's "Thereâ(TM)s a special place in hell for women who donâ(TM)t help each other!" about women who don't support Hillary Clinton. This was a great topic, it was all over the news, it was strongly pro-Sanders, and I was certain we'd get coverage...but no. What did we get instead? Another nerd-bullying article condemning introverted men for not knowing how to relate to women. Because we haven't had enough of THOSE around here lately. It's like there hasn't been any management change at all.

Re:So much for the new management

[whipslash]

Submit them into the firehose and let them get voted up. The firehose is where you can give your vote on which story we should pick. We will also be incorporating stories that will auto post to the front page from the firehose when they reach a critical mass of popularity, including requirements such as a certain amount of votes from high karma users, users with old accounts, and other filters like an enhanced dupe checker. You have a low user ID and high karma so your votes will matter greatly. To answer your question of how many weeks we need, I am not sure. However if you think you're going to engender haste to enact your wishes, calling people on our staff worthless losers probably isn't your best bet.

Re:So much for the new management

You can't redefine idioms to your liking, it doesn't work that way. If I tell you to "get bent", I'm not going to pretend that what I really meant was,"bend your neck a little and read further down the conversation."

Your response to the OP in this thread was either accidental and meant for another thread, or it was intentional. I can understand if it was the former, in which case a simple "oops" would have been in order. But the fact that you are backpedaling with some BS leads me to believe the latter.

Re:So much for the new management

[DNS-and-BIND]

Sorry, I react poorly to people to whom I perceive have flipped me the bird verbally.

In the past, the firehose has been roundly ignored when it votes up inconvenient stories like the Albright "burn in hell" story. Thus, me and a lot of other people stopped using it a long time ago. Try renaming it to something other than 'firehose' and tell us that it'll auto-post no matter how damaging the topic matter is to the Democrats.

Re:So much for the new management

[whipslash]

We're not going to rename it but I'm telling you right now it will auto post anything that meets the vote requirements, no matter the topic. It will be live in the next week or two.

Re:So much for the new management

[whipslash]

We're working on improving editorial as well as everything else. Sorry if I came off as abrasive but I read enough criticism in a day to last me a life time.

Re:So much for the new management

[whipslash]

Would also like everyone's opinion here regarding videos on Slashdot: https://slashdot.org/poll/2973...

Re:So much for the new management

[DNS-and-BIND]

Well! I'll believe it when I see the first anti-SJW story or the first pro-Trump story. If you really believe in the users, that will show it. I get the feeling that the story will be shitcanned shortly after appearing though, either by your order or by some higher up Dice.com manager. Dice is pretty hard left and you don't see inconvenient truths unless they support their side of the story.

Re:So much for the new management

[Gojira+Shipi-Taro]

And I react poorly to people that think that they alone represent the filter through which "News for Nerds" should pass. There's so many of you grognard assholes. Get the fuck over it. The new ownership does seem to care. They just don't have to specifically care about YOU.

Re:So much for the new management

[Gojira+Shipi-Taro]

There's not going to be a pro-Trump story because that prick has no one's interests at heart than his own. If you're looking for "Fox News" style "fair and balanced" you can fuck right off to your fascist hacienda and die.

By your imaginary "news for nerds" filter, how would a pro-Trump story even be a thing here? You're a bit of a prat.

Re:So much for the new management

[whipslash]

We won't can the story based on its political leaning. Also you do realize Dice is no longer the owner of Slashdot right?

Re:So much for the new management

[Gojira+Shipi-Taro]

As well you should. I see so much noise from so-called "old timers" who think they're the end-all be-all of defining what /. should be. Like not reading an article that you can see from the title isn't to your taste is a fucking burden.

I can tell that you guys are trying. It's one reason I'm back after several years of not bothering to check this place at all.

As long as you guys can keep the shitposts down, I think we're good.

Re:So much for the new management

[whipslash]

Thanks for the support!

Re:So much for the new management

[DNS-and-BIND]

Oh, right. LOL. Have to learn the customs of the new boss. That's a demerit!

Re:So much for the new management

Whipslash, this is directed at you, sir/ma'am/entity.

Imagine my horror as a computer geek when I learned that .AVI files could contain corruptors. Imagine my horror 1000x fold when some kinds of .jpg could do that, depending on the OS.

Would also like everyone's opinion here regarding videos on Slashdot: https://slashdot.org/poll/2973...

When you "mainline" some sort of file format as an "auto-view" or even "clickable" format, there are some possibly severe issues that might spring from that if some "serious douche bag" decides to play that way.

If anyone tells you that you can easily insert a "flash video" stream on this site, this is likely a big mistake.

I understand the desire to embrace formats of files and such, but some things might be a bit vulnerable.

Re:So much for the new management

[Gojira+Shipi-Taro]

No you just have to learn the customs of a sane community. Raging at "the man" without a point of reference is seldom productive.

Re:So much for the new management

[DNS-and-BIND]

Imaginary news for nerds filter? WTF? It is the founding statement of the website. It's why we're all here. By nerds, for nerds. I am seriously having a problem comprehending how you don't know this.

If you have a problem tolerating people who think differently from yourself, you fit all the criteria in this article. Here is a particularly damaging excerpt that describes you to a T:

Another characteristic of the new upper class - and something new under the American sun - is their easy acceptance of being members of an upper class and their condescension toward ordinary Americans. Try using "redneck" in a conversation with your highly educated friends and see if it triggers any of the nervousness that accompanies other ethnic slurs. Refer to âoeflyover countryâ and consider the implications when no one asks, âoeWhat does that mean?â Or I can send you to chat with a friend in Washington, D.C., who bought a weekend place in West Virginia. He will tell you about the contempt for his new neighbors that he has encountered in the elite precincts of the nationâ(TM)s capital.
For its part, mainstream America is fully aware of this condescension and contempt and is understandably irritated by it.

It may come to the realization that America isn't the country for you and the people here are not what you want to be around. You would be far more comfortable in a country that shares your left-wing views. I would suggest Bolivia, Venezuela, or Cuba, but you may go where you like. Bon Voyage!

Peace and Love, Peace and love!

[Lumpy]

it's not like a celebrity has any different security than normal people.

But it's still funny.

Re:Peace and Love, Peace and love!

[Lunix+Nutcase]

Ringo isn't even involved. As stated, this was someone breaking into the email of the guy who runs Ringo's Twitter account.

Re:Peace and Love, Peace and love!

Wizzz!

I see you miss the point. For another dollar you can try again!

Re:Who the fuck cares

Beatles are Z-List celebrities.

Ringo Starr is, yes.

Where's the IT angle?

[tetraverse]

“The questions asked were his birthday and name of his nephew, both easy to find with Facebook. I was surprised when I entered the answers and it actually succeeded first try.”

Re:Where's the IT angle?

That's the IT angle right there. Stupid security questions, password reset emails, everybody's life on Facebook: this is the world we created. The question is whether we're happy to live in it.

Re: Who the fuck cares

Oh we're listening. Just not to the AC posting "who the fuck cares" when the majority of comments here are actual good discussion. No one's stopping you from spewing venom from your pulpit of anonymity though so keep on keepin on

Holy shit... the AC system had been at the core of Slashdot's success from day one. Good to hear you view on this, I think it had cleared up a good many peoples undecided opinion on the new direction the new submitters have taken the site in the last week.

53 comments, including these astonishing ones by you, is pretty bad for a middle of the day holiday weekend post by Slashdots old standards.

But good to hear your views. Anything else you can share to drive more people finally off this site?

Re: Who the fuck cares

Oh we're listening. Just not to the...

Fascinating, Logan, for a sec I actually believed the stuff you were posting to Twitter.

You really should just stop while you are behind. Interacting with customers isn't your strong point.

Hackers and crackers

[XXongo]

I thought a "hacker" built stuff and a "cracker" broke stuff.

There has been an attempt to get that usage adopted, but it's failed.

Basically, the definition of "cracker" as "A poor and usually bigotted white person living in the south" is so well accepted in America that it hasn't been possible to graft a new definition on.

see: ubran dictionary or NPR

Re:Hackers and crackers

I thought a "hacker" built stuff and a "cracker" broke stuff.

There has been an attempt to get that usage adopted, but it's failed.

Basically, the definition of "cracker" as "A poor and usually bigotted white person living in the south" is so well accepted in America that it hasn't been possible to graft a new definition on.

see: ubran dictionary or NPR

...so you dilute the history and knowledge of throwing technology together to make the next generation... ...by bringing "racism" into what should be a purely technological discussion?

http://www.urbandictionary.com/define.php?term=Cracker
" Originally the white slave driver because he would "crack" the whip, hence the noun cracker.
Yo homey pick the cotton faster cuz here comes ole Mr.Cracker with his whip! "

The concept behind "hacking" is quite clear: We come up with cool shit using things like the unix command "echo."

The concept behind "cracking" is quite clear: We re-establish our "fair use" of what we bought. It's very quite simple. As they try (and fail) to hack upon us, we hack upon them.

Example: Old CSS is old and busted. How can they stop me legally "time-shifting" and making "archival copies" now?

What does this have to do with busting a weakness in some celeb's cloud?

ABSOLUTELY NOTHING!

In this AC's humble opinion, the "crack" of Ringo's org is poorly named and poorly represented. This changes nothing in society.

Freaking password reset? Ninja, please.

Re:Who the fuck cares

Beatles are Z-List celebrities.

Ringo Starr is, yes.

Wait, which zombie movie was Ringo in? Must have missed it!

Re:Who the fuck cares

Ringo sure as fuck is a Z-Lister.

Motive

[BlueBiker]

Uh-oh, hope Pete Best has an alibi :-/

Password Security

You know it don't come easy.

Who Cares

Some old celebs useless twitter account got hacked. Why are we paying attention to stuff like this? It's not an impressive hack.

useful?

[Mirar]

Can I use this "hack" to get my old, bot-stolen (because I obviously didn't care back then), twitter account back?

Not many people are willing to do that anymore.

I believe in the 80/20 rule. you know, where 80% of all reward comes from 20% of the effort? Well, I believe your blog is that 20%. I've added you to the list of sites that I frequent. Thank you for the in depth and detailed blog posts. Not many people are willing to do that anymore.
Also visit http://localclienttakeover.com/ for more