Twitter Says Glitch Exposed 'Substantial' Number of Users' Passwords In Plain Text

Twitter is urging its more than 330 million users to change their passwords after a glitch exposed some in plain text on its internal computer network. Reuters is first to report the news: The social network said an internal investigation had found no indication passwords were stolen or misused by insiders, but that it urged all users to consider changing their passwords "out of an abundance of caution." The blog did not say how many passwords were affected. Here's what Twitter has to say about the bug: "We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard. Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again."

The social networking service is asking users to change their password "on all services where you've used this password." You can do so via the password settings page.

twitter twats

dumb twats not understanding proper coding

Re:twitter twats

[xxxJonBoyxxx]

^^^ this ^^^. This kind of mistake is worth a little class action. Non-negligent companies don't deploy noob code like this ("der...dump all POST input because we have our fingers in production...herp!") on the machines that actually parse the passwords (or any other sensitive data). Non-negligent companies also have tests for exactly this kind of thing (e.g., try signing on as "user123 / pass123", then make sure "pass123" isn't actually in the log).

Nail 'em to the wall.

Re:twitter twats

[godrik]

(e.g., try signing on as "user123 / pass123", then make sure "pass123" isn't actually in the log).

Hey! How did you know my password?!

Re: twitter twats

Looking at the logfiles. Duh...

Re:twitter twats

[Hallux-F-Sinister]

^^^ this ^^^. This kind of mistake is worth a little class action. Non-negligent companies don't deploy noob code like this ("der...dump all POST input because we have our fingers in production...herp!") on the machines that actually parse the passwords (or any other sensitive data). Non-negligent companies also have tests for exactly this kind of thing (e.g., try signing on as "user123 / pass123", then make sure "pass123" isn't actually in the log).

Yes. Sue them for every cent you never paid them to use thier free service. Recall that your ability to do so was predicated when you signed up for an account, (without which there'd have been no way for you to use the service,) upon your agreement that you understood the provider (Twitter) was not liable for damages to you of any kind arising through your use of the service, blah blah blah. Best of luck with your "class action". Oh, odds are there won't be one because by using Twitter, you probably signed away your rights to sue, and will instead be forced into binding arbitration, from which you will get literally nothing.

Oh, PS, BTW... class action lawsuits, when they CAN and DO actually go forward, make class action attorneies rich when they win, and after those costs are paid, net almost vanishingly small benefits for members of the injured class, which years later if your side wins, when you finally get them, are worth so goddamned little that it ends up not even being worth the time it took for you to read what you had to for the bullshit settlement.

For example, I was once part of a class for a lawsuit against 24 Hour Fitness, over their marketing practices, about 8 or 10 years ago. Years later, I got a check for a whopping TWENTY FIVE DOLLARS! Holy fucking shit, I shouted when I found out about how much I would one day receive a check for, I'm gonna be fucking rich! then I went about my otherwise shitty day, that that announcement of a preliminary agreement to a settlement made no impact on. About 3 or 4 months later, I got the check, and had dinner at a nice, fairly fancy Korean resteraunt, and had almost enough left over from the check for ice cream.

But again, good luck suing Twitter for "damages."

Re:twitter twats

[omfglearntoplay]

People don't or shouldn't class action sue to make money or make lawyers rich. It is done for pure revenge on the perceived evil entity which screwed you over to begin with. All the other stuff is just annoying background noise.

Why do they have the fucking passwords!?

Why do they have the fucking passwords!?

Re:Why do they have the fucking passwords!?

[sremick]

You could, of course, just read the blog post to get your answer. But since you're not only an anonymous coward, but a lazy and/or incompetent one as well:

"We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account credentials without revealing your password. This is an industry standard.

Due to a bug, passwords were written to an internal log before completing the hashing process."

Re:Why do they have the fucking passwords!?

In other words, they had the cleartext passwords in their database, and are lying.

Re:Why do they have the fucking passwords!?

[darkain]

To clarify this: when a user logs in, they have to provide their password. Most likely, their HTTPD was logging the entire POST header of ALL requests, regardless if it potentially stored sensitive information or not. This occurs before the application receives the data and can hash it. This is a potential security issue on virtually every HTTPD that is misconfigured. GitHub just announced pretty the exact same thing earlier this week. Odds are one of these announcements triggered an audit in the other's organization to look for the same misconfiguration and they found it. https://www.zdnet.com/article/...

Re:Why do they have the fucking passwords!?

replaces the actual password with a random set of numbers and letters

Personally I think that little line right there may possibly win an award for worst explanation of something ever. Hashing algorithms I use tend to always produce the same output for a given input every time, so the exact opposite of random. I really don't know how you'd auth somebody using random data. Maybe you just randomly state if the user authed or not?

Re:Why do they have the fucking passwords!?

[Dragonslicer]

Why do they have the fucking passwords!?

This question was answered in the discussion yesterday.

Re:Why do they have the fucking passwords!?

[Kulahan]

Or, more likely, someone just wrote shitty code, and someone else was lazy with their code review, and then it got published.

Re:Why do they have the fucking passwords!?

Shouldn't the hashing be done on the client side that is on the browser side ?

Re:Why do they have the fucking passwords!?

[Highdude702]

But honestly, This should be handled client side not server side. that plaintext password should never be sent over HTTPS even, I haven't played with web development in about 20 years, so I cant say how easy this is to do. But I can say that if its not easy to do in HTML/CSS/PHP/Whatever is used, there is something wrong with the language and it should probably never be used for secure access to anything. Just my 2 pennies worth.

Re:Why do they have the fucking passwords!?

[mangastudent]

It's hard to say how basic a security error this is, I mean, you're supposed to think hard before even logging the user id, because people will occasionally type in their password first.

Re:Why do they have the fucking passwords!?

Hashing client-side seems like a bad idea - does anybody do this? The hashing function (as well as salt) would be exposed on the client javascript or whatever. I may be wrong - haven't worked on anything related to password security in 5+ years.

Re: Why do they have the fucking passwords!?

you goddamn moron. Server side has to see a string that it will let you in as, and if it happens client side, then you can see the algorithm and salt. So yes, server side needs a string* and should never ever ever ever fucking let it out of transient memory.

*OIDC, SAML, TLS client auth are exceptions but I donâ(TM)t expect you to understand those

Re:Why do they have the fucking passwords!?

If the client side does the hashing, then the password is effectively plaintext - the Hash is the plaintext.

The entire _point_ of hashing is that the string provided by the client is not the string stored in the database, but can be confirmed to be a string that produces the value stored in the database.

Re: Why do they have the fucking passwords!?

[Highdude702]

so why cant that string be a common hash, sent to server side for further "secure" as you claim hashing? And I'm the moron.

Re:Why do they have the fucking passwords!?

[Highdude702]

I would rather someone have a SALTED hash than a plaintext password.

Re:Why do they have the fucking passwords!?

Maybe she was thinking what looks like random set of numbers and letters ?

Re: Why do they have the fucking passwords!?

My god man

Re:Why do they have the fucking passwords!?

[sexconker]

Hashing client-side seems like a bad idea - does anybody do this? The hashing function (as well as salt) would be exposed on the client javascript or whatever. I may be wrong - haven't worked on anything related to password security in 5+ years.

Neither the salt, nor the algorithm are considered secret. Nor is the password hash, by the way.
The standard model has the user and password files in plaintext available to all.

The only secret should be the password.

However, due to crappy implementations (such as allowing for social engineering, DoS lockouts, etc.) service providers like to consider the username secret. Due to using old algorithms and not having people regularly change passwords, they often consider the hash secret too. And the salt, And even the algorithm. Often, this is due to embarrassment more than anything else. How many times have we seen service providers get hit with a breach and then a year or more later sheepishly admit they had shit in plaintext, relied on MD5, didn't use a salt, had the last x characters in plaintext and readable by the support staff, effectively only used 12 characters (dropping the rest), etc.?

Hashing client side makes a lot of sense.

Re:Why do they have the fucking passwords!?

[sexconker]

If the client side does the hashing, then the password is effectively plaintext - the Hash is the plaintext.

The entire _point_ of hashing is that the string provided by the client is not the string stored in the database, but can be confirmed to be a string that produces the value stored in the database.

Uh, hash it on both ends?

Re:Why do they have the fucking passwords!?

[MachineShedFred]

Correct, for various values of "database".

Example: if they are collecting all their log messages into something like Elasticsearch, then I guess you could call Elasticsearch a "database".

Of course, if they had a proper code review before pushing to production, anything logging PII, passwords, and the like would be found and rejected as part of the QA process. Or at least have logging levels per environment and if you're going to have something like this in there, log it at DEBUG level instead of INFO or higher, and leave production set to only log INFO and above. Test environments can still be logging at DEBUG so that you can see stuff like this... for debugging!

It's almost like logging levels have existed for decades.

Re:Why do they have the fucking passwords!?

If you do that, the client-side hash needs to be treated as if it were a password, not logged etc....
You can do it, but it's completely pointless

Re:Why do they have the fucking passwords!?

It will protect the users' accounts in other services in cases where the users reuse passwords (or use a simple password scheme).

Re:Why do they have the fucking passwords!?

It does not:
https://security.stackexchange.com/questions/53594/why-is-client-side-hashing-of-a-password-so-uncommon

TLDR: Client side hashing is less secure that server side hashing and SSL.

You could do some sort of challenge/response technique, but that would require a secret longer than most passwords.

Well now

[Presence+Eternal]

Ok, that's it. Can anyone recommend a reputable life lock style service? One that isn't owned by the same incompetents who created this endless fuckstorm?

It's clear I need once, since there's no level of care I can take that will compensate for every single service I use being completely untrustworthy.

Re:Well now

yo maybe you could use unique passwords
then when some stupid social media site gets hacked they dont have the login to ur bank
just sayin

Re:Well now

[forkfail]

Even with a good password vault, if basic security practices aren't in force, your data is up for grabs.

And your data is stored in so many places. It is, these days, not a matter of "if" but "when".

Re:Well now

[Presence+Eternal]

Passwords are not my concern per se. This is a symptom of endemic categorical incompetence. Plaintext. Holy hell! Plaintext!

I have to accept that my data can't be protected....scratch that, hasn't been protected and has been completely exposed many times for decades. I have to operate with that as the understanding. Security practices are only an option if I can trust service providers to...FUCKING PLAINTEXT!

Re:Well now

[GrumpySteen]

Just send me all your account information, particularly for banking and credit cards. I'll personally lock your shit down so tight that you won't ever be able to get into it again.

Re:Well now

[Dragonslicer]

Plaintext. Holy hell! Plaintext!

How else would you propose sending your password to a remote service for authentication? There are other such methods, but they're significantly more complex.

Re:Well now

[Presence+Eternal]

Well, I'm not an expert on these things, but I think I'd use https, filter the user input, hash and salt the submitted password, start logging, load and escape the fields from the user database, and compare. Or use a third party login service so I wouldn't have to take the blame if something got gorked up, since as I said I'm not an expert on these things.

Re:Well now

[godrik]

I use pwsafe and I push the (encrypted) password file to git.

Re:Well now

[Dragonslicer]

Well, I'm not an expert on these things, but I think I'd use https, filter the user input, hash and salt the submitted password, start logging, load and escape the fields from the user database, and compare.

I've highlighted the time when the password is plain text.

Re:Well now

[Highdude702]

I'm sure he means Client Side not Server Side, so the only thing transfered is a salted hash.

Re: Well now

CHAP

Both you and the server know a secret, server sends a challenge you use the secret plus the challenge and send the result, server compares.

Yes you still have to send the pain secret once but hopeful on a secure channel and only for changes.

Re:Well now

[Dragonslicer]

At which point the salted hash becomes the password, and nothing has changed.

Re:Well now

How else would you propose sending your password to a remote service for authentication? There are other such methods, but they're significantly more complex.

This is Twitter we are talking about, one of the most popular site in the world. If Twitter can't do the "significantly more complex" protocol (let's say password-authenticated key exchange), then we are doomed for sure.

Sending plain text password is one thing, logging plain text password is another level of incompetence. So as OP said, the level of incompetence in this case is staggering.

Re:Well now

[Highdude702]

there is a difference between a user password, and a salted hash. one is safer than another to transmit. and they can both be re hashed on the other side, it just becomes less exposing to do it one way and not another, also prevents a breech in one service from effecting another unless its a source copy.

Re:Well now

[Dragonslicer]

there is a difference between a user password, and a salted hash. one is safer than another to transmit.

What makes you think that sending a password that looks like a hash is safer than sending a password that doesn't look like a hash?

Downward trends...har-har.

[TheZeitgeist]

Twitter is urging its more than 330 million users to change their passwords after a glitch exposed some in plain text on its internal computer network.

Remember couple years ago when the oft-quoted number of Twits was ~500 million? Ouch on the downgrade. They can hate on Trump internally all they want, he closes his account their total traffic goes down by 10% probably. Twitter needs Trump...think about that one for a sec.

Re:Downward trends...har-har.

[Ksevio]

Maybe the bug only affected some of the users

Re:Downward trends...har-har.

[squiggleslash]

I... that... look, that's... that's not how it works. Not at all.

If something is failing now, saying "The problem is they might get rid of that person they're keeping on to" makes little or no sense.

Trump might be the reason 170M people are gone. Or it might be the Neo-Nazis. Or it might be the harassment squads. Or it might be that their website is shitty and they keep adding "Features" nobody wants that actually makes it harder to use, like that idiot "Let's treat "likes" like "retweets"" thing they do that cannot be permanently turned off.

Or it could be one of a whole host of other reasons. But it certainly isn't because they might get rid of Trump but haven't yet.

Re:Downward trends...har-har.

[TheZeitgeist]

Completely misunderstood what I was saying. Trump generates lots of traffic for Twitter because world basically watches his tweets. Whether you like him or hate him is irrelevant - he's just a big bump in their traffic. If they lost Trump for whatever reason (pick a reason) that traffic would go away. That makes Trump's continued engagement with the platform of particular material interest to Twitter.

Re:Downward trends...har-har.

[rogoshen1]

It's the howard stern phenomenon all over again. The people who disliked him the most, were also sure to tune in just to be annoyed and offended.

Re:Downward trends...har-har.

[Highdude702]

Yes, only the ones that actually use the service and log in.

Re:Downward trends...har-har.

"Twitter needs Trump...think about that one for a sec." (emphasis mine)

They don't.

First of all,
Trump has 51.5M followers.
That's a lot but it 'just' gives him spot 19. among other users.

Secondly,
The next president will still be on Twitter, as @potus.
And the media will still report on what he or she writes.
Note that @barackobama has 102M followers, so another president could top Trump's # followers.

...[Trump] closes his account their total traffic goes down by 10% probably.

You're just guessing.
I could easily claim the opposite, if we're all just writing down random nonsense....

Not a bug

Due to a bug, passwords were written to an internal log before completing the hashing process.

Repeat, that is not a bug. That is intentional. It was designed to do this. You cannot call an intentional act a bug.

Re:Not a bug

This should be far higher rated.

This wasn't a bug. They did this on purpose.
They are admitting that twitter collects users passwords.

Re:Not a bug

There's a couple of possibilities where this wasn't intentional. The first is simply "miss-config". Someone made a config change that they didn't realize the implications. The other is simply "dev code got checked into production".

Just because the code is there that logs the passwords doesn't mean this was intentional behavior.

Re: Not a bug

In this case, since the offender is Twitter, yes, it means exactly that. Twitter is a shitty scummy service run by shitty scummy people. It should be considered normal they would do shitty scummy things like capture your password in plaintext.

Re: Not a bug

[Zontar+The+Mindless]

Never underestimate the power of human stupidity.

Irrelevant but still

"which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system"

I'm pretty sure the numbers and letters selection is pretty deterministic

Re:Irrelevant but still

[forkfail]

Not irrelevant. And "back in the day", a lot of folks would have noted this right off, and posted under their actual logins, instead of being afraid for making geeky observations about the weakness of the writing/editing.

I'm pretty sure this response comment will get modded down, but hey. Old /.ers don't die, they just get modded into oblivion...

Re:Irrelevant but still

[forkfail]

Yep, got modded down. /. is no longer a "safe space" for geeks.

Sad.

Re:Irrelevant but still

[Scarred+Intellect]

I would have modded you up! I've been here a lot longer than my long UID suggests.

It was Russian bots

The password leak was obviously Russian bots.

All things bad are Russian bots.

Russian bots are so powerful that they can change people's minds with a word and compromise entire social networks with two dozen keystrokes.

And we know that all bad things happen because of Russian bots. We know this because we are reminded of this fact constantly. If it wasn't for these daily reminders that Russian bots are responsible for all evil things and all hax, we might start to suspect that maybe it was not malice, but simple incompetence or internal leaks. In fact, we might start to think - OH, WAIT! THERE'S A RUSSIAN BOT!!!1!

Re:It was Russian bots

So you claim that what you read in the news, on tv, on social media, from your friends and family, has absolutely no influence on your political views ?

So tell me this: What DO you base your political views on ? Thin air ?

Re: It was Russian bots

Obviously I based my 2017 vote on the $130k Russian ad spend on Facebook and not in any way the $4 billion dollars spent by the two candidates and their surrogates/proxies.

You're an idiot. Please delete your browser immediately for the safety of the internet.

Why does this still happen?

[alvinrod]

You would think that by now, not storing (or if possible even transmitting) passwords in plain text would be common sense or something that they teach in school. Developers found violating that principle should be sent to a reeducation camp and have that point driven into them, possibly with a mallet.

Re:Why does this still happen?

[omnichad]

They didn't store the password in plain text (intentionally). They appear to have a user action logging system that logged user inputs, including the password field. Just as dangerous, but at least they gave it some thought.

Re:Why does this still happen?

[tepples]

The passwords are not transmitted in plain text; they are transmitted through a TLS channel. The storage was intended to be as a bcrypt hash value, not as plaintext or even as ciphertext. The storage described in the featured article was a mistake apparently during debugging, which was discovered and corrected, presumably before the result could leak.

Re:Why does this still happen?

[Dragonslicer]

You would think that by now, not storing (or if possible even transmitting) passwords in plain text would be common sense or something that they teach in school.

It has to be in plain text somewhere along the path. How else would you pass it to the hashing algorithm?

Re:Why does this still happen?

[Highdude702]

If they did that little hashing number client side, its never even a thought let alone a problem.

Re:Why does this still happen?

[Highdude702]

The plain text passwords should never have been transferred to their servers, whether its through TLS or not.

Re:Why does this still happen?

[Highdude702]

Hash client side. 1 password isn't going to take long no matter the algorithm.

Re:Why does this still happen?

[zabbey]

how do you do that without javascript? Not everyone uses it. With javascript, how do you hash without exposing the key?

Re:Why does this still happen?

[E-Rock]

How does that help? If I send a username and password, they were logging both and anyone with access could log in as you. If they were using your plan, I'd send a username and hash, they would still have been logging both and anyone with access could log in as you.

Re:Why does this still happen?

[beuges]

So your password is 'hunter2', and clientside, you hash that to 'asdflkjh1234poiu'. That still has to be sent back to the server, and the server has to validate it somehow. Congrats, your password is now 'asdflkjh1234poiu'. It doesn't matter that I don't know that you typed in 'hunter2' to get to 'asdflkjh1234poiu', all I care about is that if I send 'asdflkjh1234poiu' down the wire in the password field with username 'Highdude702', the server lets me in. I don't care that your password is 'hunter2' and not 'asdflkjh1234poiu', I care about accessing your account.

Now, lets think about the practicality of this situation. You HAD to have transmitted hunter2 to the server during registration. If you didn't, the server couldn't have been able to generate a hashed version of it. It's pointless saying 'but you can use 'asdflkjh1234poiu' which I hashed clientside for you already', because then that's the equivalence of a cleartext password.

Next, you need to understand how bcrypt works. It takes your cleartext password 'hunter2'. It then adds a salt to it, performs a random number of iterations of a hashing algorithm on it, and stores the salt and the random number along with the resulting hash. You can't reverse this, even knowing the number and hash. What you can do is take a given input from the user, e.g. 'hunter2' and add the same salt to it, and repeat the algorithm the same number of times, and compare the resulting hash to what you've got stored.

Let's say you no longer want to transmit plaintext passwords. So you ask the server for the random number and salt associated with Highdude702, and you do the bcrypt clientside, and transmit that to the server, so the server only has to compare what you transmitted with the bcrypt it's got stored. Congrats, your bcrypted password is now a cleartext password, because you're just doing a straightforward string compare. If I get the db from the server, I can login to your account with not extra effort whatsoever.
You can't change the salt or the number of iterations clientside, because you'd then be unable to validate your password against the hashed version on the server. The whole point of it is that it's not reversible to get your cleartext password out.

There are of course ways of transmitting an encrypted password to the server, but at some point they have to be decrypted on the server to be able to re-hash them and compare against the one-way hash that the server is storing. So you're back to transmitting a password, except its reversibly encrypted (since it has to be decryptable on the server), which means that someone else could also decrypt it if they breached the server (or your client), so it's only slightly better than transmitting the cleartext password. So you might as well just use TLS and send the cleartext password anyways, because with TLS, you know upfront if someone is MITM your connection via a cert validation failure.

Then there are other ways of transmitting your password securely, but they introduce additional complexity on server and client, and everywhere that additional complexity is introduced, you increase the potential for bugs, which could be security issues. You also typically introduce user-unfriendliness, which means that the majority of users will either not use your platform because its too unfriendly, or will choose to use the less secure login method, because its more friendly. Either way, you're back at square one.

There's nothing wrong with transmitting your password in cleartext over TLS, as long as the server is storing the passwords as a one-way hash, which Twitter (and GitHub) are doing.

Re: Why does this still happen?

No, no, a thousand times no.

Setting up the password, inside TLS: server provides salt1 in the clear within TLS. Client produces h(password, salt1), sends it back to server. This is the weakest spot, and can fail due to TLS holes or idiotic loggin of content pulled out of TLS.

Subsequent logins, server generates a random salt2 (different per session), sends it and salt1 to client. Client accepts password from user, computes hash(password, salt1), then computes hash(salt2, hash(password, salt1)). The server computes the same thing from the salt2 that it just created, and hash(password,salt1) that it stored previously, and compares them.

So after initial login, the authentication could be over an unencrypted channel without leaking anything useful for reestablishing authorization at a later time. Of course you couldnâ(TM)t do anything safely within such a session, but after salt2 has been used or expired, an attacker has no way in. Short of running a rainbow table attack on strings the size of your hash... which isnâ(TM)t a thing.

So the key is to prove that the user knows the password, not to stupidly supply it over the wire. Or the salt1â(TM)d hash of it, in this case, to harden it way out of reach of rainbow attacks.

Re:Why does this still happen?

[Highdude702]

So your password is 'hunter2', and clientside, you hash that to 'asdflkjh1234poiu'. That still has to be sent back to the server, and the server has to validate it somehow. Congrats, your password is now 'asdflkjh1234poiu'. It doesn't matter that I don't know that you typed in 'hunter2' to get to 'asdflkjh1234poiu', all I care about is that if I send 'asdflkjh1234poiu' down the wire in the password field with username 'Highdude702', the server lets me in. I don't care that your password is 'hunter2' and not 'asdflkjh1234poiu', I care about accessing your account.

Ok so as someone has already stated.

if you did use client-side hashing in the first place, and only stored a one-way hash of the already hashed&salted password, you could indeed consider 'asdflkjh1234poiu' your password - TO ACCESS THIS ONE SPECIFIC SERVICE (Twitter). There would however never have been such massive headlines of a leak, because users' plaintext passwords - that they use in many different services - would not have been leaked.

Thanks AC

Now, Like he says.. YOU dont have my real password for one. but whats stopping the server from then hashing the hash I send if they think theyre going to get hacked? I dont understand why you guys are throwing the baby out with the bath water.. I dont give a fuck if someone gets a salted hash of my password. because they have no fucking idea what my real password is. also there is no chance of them doing the apparently common thing of storing it in clear text(i say its common because if you try to claim it isnt then you havent actually been paying attention) It is INSECURE to send YOUR password in clear text to any service or server.. Why does sending the plaintext password become more secure than not sending it? I dont get it. Nobody has been able to explain to me how somebody gets my actual password the way i suggest doing it. the way thats common to do it today. well there are databases with billions of passwords for everybody to see thanks to it.

Re:Why does this still happen?

[Highdude702]

youre looking at it wrong, the employees that had access to that log probably had access to that whole site. they could do whatever they wanted with your information you have stored there whether there was a password or not. now $randomhacker gets ahold of that log, and starts testing user pass combos on other sites.. with a pre hashed password.. he gets nothing. with the plaintext password sent from $pleb1 used on $site1-12 $randomhacker gets $popularsite2-4 login information for $pleb1. make any more sense what im talking about.. minimize risk during breeches. because the breeches are going to happen, too much new development on the internet to not happen. you cant secure from thousands of changes a day.

Re:Why does this still happen?

[Highdude702]

if HTML isnt able to securely hash multiple algorithms by now, they need better devs.

Someone forgot to remove their io code

Whoever wrote that code probably had some PRINT or LOG statements to get some insight that everything was working correctly, than forgot to remove them when they did a commit.

Source: I've made this mistake before

Twitter AND GitHub....

[dgatwood]

One site being affected by bug this is a fluke. Two being affected by the same bug is a pattern.

This seems like an awfully convenient way for someone to maliciously gain access to somebody else's account on sites that do stupid things like locking you out after a certain number of failed login attempts:

• First, find a way to gain surreptitious access to the site's logs (or gain access via a gag-order-protected subpoena later).
• Second, introduce a bug in bcrypt that logs the unencrypted password.
• Third, enter a wrong password until the user gets locked out.
• Fourth, wait for the user's new password to show up in the logs.

The best part is that this could even allow someone to compromise specific accounts on sites that encrypt all user data while in stable storage and in backups, unless those sites also encrypt all of their log data.

For now, I'm willing to give the parties involved the benefit of the doubt and assume that this was just an accident, or possibly two accidents, and assume that somebody at Twitter read the story about GitHub and thought, "I'd better make sure we don't do that." That said, the possibility that a bug like could this exist in some sort of production software that would be shared by such disparate companies as Twitter and GitHub is downright alarming, and the possibility that this was malicious should at least be in the back of everyone's minds right now.

Re:Twitter AND GitHub....

[mark-t]

No... one is a fluke, two is coincidence, and is only cause to watch for patterns. *THREE* is a pattern.

Re:Twitter AND GitHub....

This will get modded down like every other anon post lately but here's something to consider - MANY, and I do mean MANY, sites, send their logs to various data aggregation vendors. Some do it for security reasons (sentry metrics for example), while others do it just for the fuckin eyecandy charts. It's _impossible_ for Twitter or Github to clear their logs like that.

tl;DR - EIther Twitter and Github don't know what they hell they're doing any more, or are outright lying in an attempt to downplay this. There is _NO_ reason a production host should be logging it. None. Nor is there any reason users passwords should be sent like that. I expect a whole lot more fallout from this assuming companies do what they are legally required and disclose of it.

Re: Twitter AND GitHub....

What makes you think Twitter EVER knew what they were doing?

I know people there from way back. They didn't then, either.

scrypt is better and an IETF standard

[greenwow]

I don't understand why anyone would use bcrypt. Although scrypt is newer and in terms of security, that usually means safer. scrypt requires a lot more memory which isn't a problem for their servers when comparing hashes, but it blocks FPGAs from brute force attacks.

Re:scrypt is better and an IETF standard

SCrypt requires exponentially both more CPU time and memory as the number of rounds increase. Maybe Twitter's servers are memory-bound so bcrypt is less worse for them.

Re:scrypt is better and an IETF standard

Because bcrypt is easier to implement in most languages than scrypt and has fairly broad native library support in web languages like PHP.

IETF RFC 7914 is NOT Standards track! Read it again: It is informational track ONLY. Just because there's a published RFC somewhere means jack squat unless it's been through the Standards track process.

plain text is not a glitch!

[kiviQr]

Plain text is not a glitch ... it is bad security! For a company of that size that tells you something about how secure they might be.

Re:plain text is not a glitch!

[Highdude702]

Look at the user base, and staff.. Twirrer is popular for Trump, Botnets, and Spam.

SuperLog

[AlexanKulbashian]

so.. they log all function calls and their variables? or just the pre-crypt ones?

"Glitch"?

[hey!]

A "glitch" is something that happens to you. This was something Twitter did to itself.

Not learning

[duke_cheetah2003]

It seems to me, a majority of technology companies seem to not be learning. We've been here, before. More than once. And it's not exactly news that you never store a plain-text password anywhere, ever.

I mean what the hell are they teaching in computer science courses now? This should not be happening, so frequently. An occasional lazy outlier perhaps, but big tech firms like Twitter? No excuse. They should be fined by some government entity, obviously just the bad publicity isn't enough to get companies to do the right thing, perhaps some fines will right the ship of irresponsible handling of user data.

Zero day solve

[The+New+Guy+2.0]

Seems like this log wasn't being looked at by anybody outside of Twitter, so there's no hack and no "exposure" so I doubt we'll see a world-ending password release here.

Re:Zero day solve

It seems like it wasn't being looked at by anyone inside Twitter either. How long have they been fucking this up and just now noticed?

mod_security

[manu0601]

It is easy to log passwords without knowing. If you use mod_security for Apache, have a look for Authorization headers in modsec_audit.log

The sanitiseRequestHeader operation is supposed to clean that up, but there are situations where it is not run

"Bug"

[aliquis]

... or feature asked for by US information authorities.

I wonder which.

Why would they log plain text passwords?

Github, Twitter

Who's next? Are they all reading from the same playbook?

Both GitHub and Twitter, same week?

This definitely smells fishy and strange. For two tech companies to make an absolute beginner's mistake like this, at the same time.

I don't know what the exact purpose is, but I'm guessing one possibility is to match developer accounts to twitter accounts, simply for building profiles and establishing connection graphs.

DAMNIT!

[Hallux-F-Sinister]

Now how am I going to come up with another password as memorable and clever as "1 2 3 4 5" ?!? That shit was BULLETPROOF, and totally NOT the sort of thing an idiot would have on his luggage!

Guess I'll have to change it to "1 2 3 4 5 6"!!! Don't tell anyone! It's MY password and YOU can't use it. You have to pick your own.

Alternatives to sending the password

[tepples]

How would you recommend that each user authenticate himself or herself to the server of Twitter, Slashdot, or any other forum-like web application?

Sending the password The user provides a password over a TLS channel through a form or HTTP basic authentication, which the server hashes and compares to the stored hash. Most public websites that I'm aware of use this method. HTTP digest authentication with a fixed realm The server sends a fixed salt in the realm field, and the user's browser sends the hash of a (username, realm, password) combination to the server. This not only uses the deprecated MD5 algorithm but is also vulnerable to pass the hash attacks. HTTP digest authentication with a variable realm The server sends an IV in the realm field, and the user's browser sends the hash of a (username, realm, password) combination to the server. This not only uses the deprecated MD5 algorithm but also requires the server to store the password (not just a hash thereof) in order to verify that the hash is correct. Some zero-knowledge proof means Because a zero-knowledge proof isn't defined in the HTTP spec, it requires the user to download a program from Twitter's server and execute it on his or her computer. This fails if the user has turned off automatic execution of script in the browser. Using a client certificate TLS allows a user agent to identify itself using a certificate, much as with an SSH client key. But its usability in current web browsers is so terrible that I can think of only two websites that have used it: StartSSL (RIP) and Kount (an e-commerce fraud detection service). Some option that I haven't thought of I'd be interested to read your reply describing such a method.

Re:Alternatives to sending the password

[Highdude702]

Ok, first stop using MD5? that sounds like a start. second, encypted session(lets get as secure as we can before we do any auth) server says who are you, client says im John Smith. Server says how do you expect me to believe you, here is an algorithm.. the same as the one you signed up with(you can even do a rolling algo with a flag in the database per user) also heres a salt to use. client says, second mate i need to run this shit quick ill get back with you in a second. client hashes, sends hash over encrypted channel. server responds, ahh Hello John! Welcome.. or it says OI FUCK YOU CUNT YOURE NOT JOHN GTFO! idk its early im sober. seems more secure than sending plaintext secrets over any protocol, encrypted or not. I dont understand what is so insecure about this, that makes sending the plaintext password more secure using the same methods.. it just doesnt seem like people are thinking before they type. i have literally been called a moron because i suggest sending a hash in place of the plaintext password. like someone is gonna read the hash.. but some how would not have been able to read the plain text password. I by no means have a formal education in security, but i have been in the "streets" of the internet since i was a kid and ive seen just about every type of security broken at some point. its not a matter of IF its WHEN. So we need to try to secure as much as possible before that happens. and to me that means my plaintext password never leaves my NIC. Looking forward to your reply.

Fantastic!

I work in Information Technology in healthcare. Do you know how many chances we get to get it right? 1. 1 chance, before I get nailed to the wall for screwing up security, but non-healthcare entities, like Equifax and Twitter and Yahoo all get either completely absolved of all liability, are allowed to profit from their idiocy or are fined a pittance.

Fantastic work here. Please continue /s

Running a server-defined program on the client

[tepples]

I found your comment difficult to read because of the lack of sentence-initial capital letters, quotation marks, and line breaks.

Ok, first stop using MD5? that sounds like a start.

RFC 2069 specifies that HTTP digest authentication shall use MD5. Switching from MD5 to anything else would require the use of JavaScript. The use of JavaScript would require counterpart functionality in the noscript element.

second, encypted session(lets get as secure as we can before we do any auth)

TLS. I'm with you so far.

Server says how do you expect me to believe you, here is an algorithm.. the same as the one you signed up with(you can even do a rolling algo with a flag in the database per user) also heres a salt to use.

What you describe is in essence what I described earlier as "Some zero-knowledge proof means", for which I warned: "This fails if the user has turned off automatic execution of script in the browser." Here's how the next step would play out in detail:

Client says "I am running the LibreJS extension. Before I run any code, I'll need to see that code's copyright license to ensure that my user has the right to audit the algorithm you are sending, in order to ensure that your program isn't unduly intrusive on my user's privacy or otherwise malicious, and share the results of this audit." Quoting FSF's Free Software Definition, the user will need the following rights:

• The freedom to run the program as you wish, for any purpose (freedom 0).
• The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help others (freedom 2).
• The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

The GNU General Public License defines a work's "source code" as "the preferred form of the work for making modifications to it." A minified or obfuscated form of a script is instead called "object code", even if it is in superficially the same syntax as source code.

Re:Running a server-defined program on the client

[Highdude702]

So essentially after ~30(?) years HTML is still shitty. I kindof figured that from the other posts. Maybe browsers could implement the rolling hashing portion of the deal, allowing the rest of those fields to be fulfilled. There has to be safer ways to do this. Sending plaintext passwords to anybody is a bad idea honestly. Negligence like this is the main reason, a lot of us have known this but your information isnt safe outside of your own network..

Re:Running a server-defined program on the client

[tepples]

I'd prefer to use a TLS client certificate, but the user interface for those in widely used web browsers needs a serious redesign before that can be practical.

First, the browser needs to make the button to select a client certificate more obvious. Second, split the list of available client certificates into three groups: anonymous (no certificate), certificates used on the same domain (ordered by most recent), and certificates used on other domains. Third, browsers' built-in password/bookmark/history synchronization mechanisms need to make synchronizing client certificates across devices painless. Might WebAuthn (a W3C Candidate Recommendation generalizing FIDO U2F) be a step in the right direction?

Re:Running a server-defined program on the client

[Highdude702]

I got to here and cringed

are created and stored on an authenticator by the user agent in conjunction with the web application.

Its a good idea to not transferring the password, ill give it that.. or it seems so i only read the first page or so TENR(too early not reading).

The problem is now that password/phrase/key is stored on the client.. the client is the most insecure part of this whole process. 99% of people that end up being vulnerable when this stuff happens run windows. windows without a bunch of work is normally easy to break into. Now were back at the password manager issue we had a few years ago, Are the keys encrypted on the client side still requiring a password to unencrypt? that may mitigate this area i worry about. If not its no better than sending the plaintext password across the internet. botnets are everywhere and everywhen. they scan large, and i mean LARGE chunks of the internet with 0day exploits. then you also have the drive by web attacks. and well we can go on for days on that part. I feel what you have showed me helps, but only moves the risk to the less secure side of the equation.