Why Twitter Can't Even Protect Tech CEOs From Getting Hacked (buzzfeed.com)
Over the past few weeks, we have seen a number of CEOs -- including Google's Sundar Pichai, and Facebook's Mark Zuckerberg -- become victims of Twitter hacks. One must ask, what's wrong with Twitter that so many people -- including high-profile names -- keep getting hacked? BuzzFeed dives deep into the problem, and says it's how Twitter interacts with third-party apps that's at fault. From the article: Over the past several weeks, however, a three-person hacking team called OurMine has made clear that years after the problem first came to light, third-party authentication is still a security nightmare for Twitter. By gaining access to apps with third-party write access, OurMine has been able to post to the Twitter accounts of tech bigwigs like Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and Uber CEO Travis Kalanick. In other words, whichever write-authorized app connected to your Twitter is least secure is exactly how secure your Twitter account is. [...] The public nature of Twitter, whose main point is to share information as quickly and widely as possible, has made these attacks a much bigger issue for Jack Dorsey's company than they are for Facebook. And there's very little Twitter can do to solve the problem that doesn't defeat the incentives for third-party writing privileges in the first place: Speed and functionality. Adding layers of security -- like an extra login -- to access Twitter through a third-party app defeats the purpose of speedy cross-platform sharing. And disabling third-party writing would anger developers and hurt engagement, a cost Twitter probably isn't willing to bear.
And it only gets worse the further up you go. Those who can't do get promoted.
While you can't fix the general weakness of the platform, there's nothing stopping Twitter from slapping on a "VIP" mark on special accounts, which will make any attempt to change passwords, etc, take extra steps and authentications.
And over there we have the labyrinth guards. One always lies, one always tells the truth, and one stabs people who ask t
rilly guise, u r needin an artikal 4 dat?
Require third parties to be audited (by automation of SCA) before allowing usage.
Provide better secure by default libraries for them to reuse.
so what would you expect?
Came for the Apps! meme, and was sadly disappointed.
Do people expect that CEOs have some magical power or distinction that make them somehow less vulnerable to hacks?
I would expect that, because of celebrity status, they would be hacked more than other people, not less.
My eyes reflect the stars and a smile lights up my face.
Only apps twitter apps appy apps! Twitter is for cows! Twits say MOO!
Now, what was your question again? Oh, some drivel about leftists using twitter? So, the marketers is spot on, the hackers is spot on. The rest - leftists -shows ignorance. The other group is the media. All sorts of media. Self promoters, people trying to find the news so they can "report" on it. Etc.
Now back to our regularly scheduled program. A HOSTS file can protect you from twitter and apps and cows!
-APK
You seem very confused. Why would you call ISIS leftists, when they're toxic religious fanatics with a fascist agenda - much like our own right-wing lunatics, and why didn't you mention the right-wing simpletons who spew hate all day using tags like #REDNATIONRISING, #TGDN, and #TCOT. It seems like every Conservative who has gone insane from propaganda is constantly announcing how far gone they are on Twitter, and how much they hate anyone outside their hoax-media-driven cult.
I suspect that you're one of the right-wing crazies.
Twitter already has a VIP badge, currently displayed as a white checkmark on a blue eight-lobed shape. Occasionally the loss of this badge
What you recommend amounts to requiring all verified accounts to use 2-factor authentication. But that'll be impractical until Twitter starts allowing second factors other than SMS, such as TOTP (e.g. Google Authenticator) or a U2F key. As of the last time I checked, a single phone line could be associated with only one account. Trying to use a single phone line as the second factor for both your personal account and the business account that you manage produces an error message: "The phone number you gave us [...] is currently used by another Twitter account. Only one account can be used with a mobile phone at a time."
Has this changed?
Why did you prefix some of your words with a #?
PR Manager: CEO Bob needs a twitter account. Can you set that up for him?
PR Intern: You got it. OK, here's the account and password.
CEO Bob: Hey, I need to get the twitter account on my phone and tablet.
PR Manager: OK, we can add them.
PR Intern: We need to change the password on CEO Bob's twitter account.
PR Manager: We can't, he's in Davos/Aspen/St. Bart's and he won't know how to log back in.
Hacked CEO Bob on Twitter: I suck! My company is a fraud!
Why did you prefix some of your words with a #?
On Twitter, a word beginning with # is a hashtag. A hashtag is displayed as a link to a page of search results for other recent Tweets containing the same hashtag. Users use hashtags to group Tweets by subject.
Maybe an option to turn all additional API stuff off, except for the web page?
To revoke the access of a third-party application, open the Apps pane of your account settings.
Why aren't we using more client side SSL certificates, these could be issued by Twitter or something for their purposes. Why are passwords still being used?
Why are passwords being stored unencrypted still?
What is wrong with all of the stupid people who write shitty code like this?
1) Think about why you post to Twitter. (Are you reaching anyone? If there actually is someone, is this the only way you can reach them? Is this an easy or convenient way to communicate? Does it help you express your ideas?)
2) Draw a total blank. Stare into space a while. Make sure. (Hmm.. nope, still nothing.)
3) Delete account.
Twitter is one of the dumbest and least-useful ideas ever. Even Facebook is a good idea, a model of interactivity and convenient expression and dialog, compared to Twitter.
"Believe me!" -- Donald Trump
This troll was pretty weak, I doubt someone with a mod-point fell for it. Sockpuppet account.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
There's an in-built assumption here that goes to the heart of the whole privacy debate: that people like Zuckerberg and Pichai deserve a higher standard of protection than the rest of us from having their private information accessed by people who may not have their best interests at heart.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
To a right winger everything bad is 'leftist'. I know multiple idiots who think Hitler was a leftist despite his corporation worshipping, union busting, executing, you know, leftists, and also of course declaring war on the Soviet Union which by the way was just a thuggish dictatorship but at least nominally leftist. But none of that matters. To them, Hitler bad and bad equals leftist no matter the actual ideology.
It's kind of like how they decry somewhat paranoid tactics on the part of actual left leaning national rulers while ignoring the absolute proven fact that anybody even the least anti crony capitalist and especially God forbid, nationalist, is attacked economically and otherwise by the US and our henchmen who work to undermine, sanction, assassinate, whatever it takes. They never notice the US always props up right wing murderous dictators without regard for the wishes or even the needs of the people in the countries we meddle with. The only qualification to being a US ally is the willingness to surrender your nation's sovereignty and resources to multinational corporations, and the willingness to use whatever means necessary to quell dissent when your people decide they don't like that behavior.
Over the past few weeks, we have seen a number of CEOs -- including Google's Sundar Pichai, and Facebook's Mark Zuckerberg -- become victims of Twitter hacks. One must ask, what's wrong with Twitter that so many people -- including high-profile names -- keep getting hacked?
What does a person's status have anything to do with the ability for his/her Twitter account getting hacked? Passwords and/or protocols are either weak or not and don't play favorites based on a person's status.
It must have been something you assimilated. . . .
Nobody builds a bank vault with a wooden back door.
This particular bank vault has a wooden back door and several broken windows.
Yes. Twitter is an excellent networking tool. The best way to use it is through the "search" box at the top right. Just now I typed in "Utah 3d Printer" https://twitter.com/search?q=U... and found stories about a Utah surgery and find https://3dprint.com/139265/bea... a story about use of 3d printers to use CAT scans to print a copy of her kidney, revealing the hidden tumor. If I was in Utah and involved in 3d printing, I'd now have a list of users who "tweeted" the story and some of them might likely become part of a useful network. I have actual examples as well where it has been of tremendous usefulness to me.
I see you aren't making much use of your @AnonymousCoward handle. For sure, there are many people on Twitter who don't know how to make most effective use of it... perhaps proportional to the internet community at large.
Gently reply
Lol. ISIS is "left wing."
He said 'normal people' not 'people involved in 3d printing'
1. Marketers (including tech company execs promoting their companies)
2. Extreme leftists (including ISIS)
3. Hackers (trying to exploit the above two groups)
4. LUDDITES
We play the game with the bravery of being out of range
Probably because the present user interface for managing client certificates stored on a machine is horrible. See BrowserAuth.net's writeup and my writeup, which suggests a couple fixes.
That's the thing no one gets.
They've been fighting all this time for universal health care, pre-K school for low income families and clean water/air.
We play the game with the bravery of being out of range
That's changing. I'm generally an early adopter, and haven't gotten into 3D printing because I have no real use for it, but you know it's headed for the mainstream when Mattel is going to sell a 3D printer for kids.
http://www.thingmaker.com/printer/
That claim isn't really surprising if you realize that the Conservative alternate-reality crowd actually believes that Hitler was a "leftist," and sees science as a "leftist conspiracy" to undermine religion.
A whole subculture has gone insane from a hate-driven, exclusionary variant of Christianity, and propaganda from kook blogs, hate-radio, and Fox. They now believe that anyone outside their media-driven cult is out to get them, and reject all accurate information because it threatens a worldview where ignorant Conservatives are noble warriors against the tricksy leftists. Their delusions would be a private matter, but they vote for imbeciles like Louie Gohmert, and Trump, so they put us all in danger.
Young adults (and kids) are using twitter a lot more than over-40s. This isn't because the older generation is falling behind on the tech curve. This is because twitter is fucking stupid, and the kids haven't figured that out yet.
If you're a professional celebrity (i.e. a person famous simply for being famous, and not for any other quality or achievement) it makes sense to have a constant feed of babble to your devotees. You have to stay in the spotlight and not let it wander off to people with actual talents or skills.
For anyone else, why would you want to interact with a functionally impoverished, insecure communication medium that is optimized for propagating hate speech?
If you go far enough left and far enough right, the two circle around, meet, and become surprisingly similar.
Drop the service until the host takes a big enough hit on the user base to force them to make it a higher priority to fix the problem. Granted, I know for some this is not much of an option; however, if something is broken it can be fixed. It's all a matter of urgency. This is one of the reasons why I dumped my twitter accounts until something changes.
Venn diagram?
But not niggers.
So, does anyone keep a list of Twitter-connected apps (there is something other than logging on through the website?), and their relative security strengths?
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Exactly what are the incentives for some of these CEOs to prevent their accounts from being hacked? How does it look bad for the CEO of Facebook or Google if their Twitter account is hacked? They can just point out that it wasn't their company's platform being breached.
Twitter isn't for expressing ideas, Twitter is for posting news, some of general interest, some not. Twitter's popular for that precisely because it's not possible to post long rants there, and because condensed stupidity tends to at least be quotable.
Twitter is a "sensory stream", not thought stream.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
> To a right winger everything bad is 'leftist'. I know multiple idiots who think
> Hitler was a leftist despite his corporation worshipping, union busting, executing,
> you know, leftists, and also of course declaring war on the Soviet Union which by the way
> was just a thuggish dictatorship but at least nominally leftist. But none of that
> matters. To them, Hitler bad and bad equals leftist no matter the actual ideology.
Hitler was the leader of the NSDAP. The full name was "Nationalsozialistische Deutsche Arbeiterpartei" https://en.wikipedia.org/wiki/..., i.e. "National Socialist German Workers Party". Part of Hitler's election campaign consisted of nationalizing banks, etc. Since the party's name was rather long for lazy English speakers, it was abbreviated to the first 2 syllables of the German name, pronounced like "nat-zi".
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user