Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Password guesser breaks Twitter admin account

Sophos : 08 January, 2009  (Technical Article)
Simple Administrator password on social networking site leads to hacked accounts
IT security and control firm Sophos is calling on Twitter to enforce the use of strong passwords by its members following the recent publication of details on how a hacker managed to gain access to Twitter's internal systems earlier this week.

According to reports, the teenage hacker, who uses the online handle GMZ, claims he gained entry to the micro-blogging site's administrative control panel by using a dictionary password guesser at a Twitter staffer's account. Unfortunately for Twitter and its hacked users, the staff member had chosen the dictionary word "happiness".

GMZ claims that he did not use other hacked accounts himself, but posted a message on a hacking forum offering access to any Twitter account by request.

'What lessons can be learnt from this incident? Firstly, you should never use an easy-to-guess password to secure your online website accounts. Using a dictionary word like "happiness" shows a complete lack of knowledge about how to use computers safely,' explained Graham Cluley, senior technology consultant at Sophos. 'Twitter could help avoid this problem by insisting that passwords are not known dictionary words, or forcing the use of numbers and other characters - such as underlines, exclamation marks and percentages - in users' chosen passwords.'

'Secondly, Twitter and other websites should be able to tell when hackers are trying to brute-force their way past a password. GMZ says he ran his automatic password guessing program overnight before it finally broke its way in. There's no reason why Twitter couldn't, say, notice that someone has entered the wrong password three times in a row, and then insist they wait 15 minutes before trying to log in again,' continued Cluley.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo