Fortunately they didn't break anything. But they're lucky. Check out the screenshots on the French site. And here's what the guy said on a forum. http://news.cnet.com/8301-1009_3-10231847-83.html?part=rss&subj=news&tag=2547-1_3-0-5 All he needed to do was get into the Yahoo account. Last time they got hacked.... Jesus. My mother's email password is more complex than that of the Admin for Twitter. Unfortunately, I see a lot of this when going into new environments.
The problem with passwords is that they're supposed to be secure, but everyone wants them to be easy to remember for themselves. They say you should never take a word that's in the dictionary or combined from the dictionary. The reason being, as I'm sure you know, is that programs can be made to crawl for words. You should see my grandfather's password to his router; no program is ever going to get that thing right. It's a mixture of letters and numbers and is about 20 characters long. Just like a password should be.
36^20 attempts, or 13367494538843734067838845976576, should do it. The problem is that with technology getting faster, it becomes easier to break these things. They just had a computer which broke one of the mainstream encryption algorithms, although they used a cluster of computers and it took a while.
I know it can be done, but why waste time cracking a router to get on a network when you could just use one that isn't encrypted? Unless, of course, that person would be targeting my grandfather, in which case I say they go after bigger fish...
Indeed. There are always drawbacks. I don't use Twitter, so I don't know if this is the case. However, you'd think with something that lucrative, with that much money behind it, and being that it's a custom platform with full-time developers and techs on staff, somebody would have the foresight to ensure that some basic password requirements are in place for the admins of this $55 million enterprise. And maybe even some semblance of defense against brute force? Hell, even on this site... you get five shots at your password before the account is locked for 15 minutes. I'm not saying I'm anywhere near as smart or capable as the people running Twitter. I'm just saying that it would appear that there were some very basic holes in their security strategy that weren't even considered. I mean, the admin password that was guessed in January would not be accepted by the system on any of the most basic domains I put in place. The good thing about these kinds of incidents is that, generally, people take steps to try and make sure it doesn't happen again.
Jesus, that wouldn't take long in a dictionary attack. DA's are supposed to suck, if people who set their pw's aren't morons anyways.
I would think security was a concern but, since it is mainly a communication site, they figured they could go without it for a bit? Now that the word is out though, I would think they will act quickly to remedy this with a new protocol.