# Anatomy of Twitter Attack



## Jerusalem Blade (Jul 22, 2009)

The Washington Post has a great story: The Anatomy Of The Twitter Attack. Reading how this guy compromised the Twitter staff, their email accounts (and many other accounts, including PayPal, iTunes store, and Amazon), office documents, communications, etc. has made me rethink how I do my passwords and related stuff.


----------



## Augusta (Jul 22, 2009)

That was eye-opening. Everyone should read this to keep your info safe on the web. We put so much of our personal info out there now with FB etc that someone can know the answer to your "secret question" just by hanging out on your FB for a while.


----------



## Rich Koster (Jul 22, 2009)

Somebody already hacked my credit card. I'm waiting on the picture from the MAC machine.


----------



## fredtgreco (Jul 22, 2009)

This is useful information. While not foolproof (a long way from it) there are two *very simple* methods that go a long way toward avoiding this kind of attack:

1. Never, never, never use the typical "remember my password" question. That was how Sarah Palin's Yahoo account was compromised. You don't want your password security hinging on your mother's maiden name, or your dog's name, etc. Instead, come up with a completely random nonsense answer to that question. For example, the answer to every question could be "going6734house98dogBabylon."

2. Never use the same passwords for sites. If you can't afford a password keeper like Roboform to randomize your passwords, then at least do not use the same passwords for different types of sites (i.e. Gmail and banks).


----------



## Semper Fidelis (Jul 22, 2009)

...and having a Mac isn't going to protect you.

I can't agree with Fred enough on using Roboform (they're developing a Mac Version BTW and have an online version now). Don't re-use passwords.


----------



## fredtgreco (Jul 22, 2009)

Semper Fidelis said:


> ...and having a Mac isn't going to protect you.
> 
> I can't agree with Fred enough on using Roboform (they're developing a Mac Version BTW and have an online version now). Don't re-use passwords.



There really is no reason not to use Roboform. It's pretty cheap now, and with the online backup, you can get to all your passwords easily. $30 is nothing to pay for your safety.


----------



## glorifyinggodinwv (Jul 22, 2009)

Semper Fidelis said:


> ...and having a Mac isn't going to protect you.
> 
> I can't agree with Fred enough on using Roboform (they're developing a Mac Version BTW and have an online version now). Don't re-use passwords.



This is very true. 1Password for Mac will generate random passwords for your Mac and store them. Many Mac IT folks recommend it. It also enables you to only have to remember one password to access the other passwords and will automatically log into sites for you.


----------



## fredtgreco (Jul 22, 2009)

and it goes without saying that the one password you should remember for these types of programs should be something random, like [email protected]*

Once you use almost anything enough, you can remember it. And you can always write it down and put it in a safe.


----------



## AThornquist (Jul 22, 2009)

Twitter is so unspeakably fortunate that the hacker was not in it to tear them apart. Yeesh!


----------



## Semper Fidelis (Jul 22, 2009)

fredtgreco said:


> and it goes without saying that the one password you should remember for these types of programs should be something random, like [email protected]*
> 
> Once you use almost anything enough, you can remember it. And you can always write it down and put it in a safe.



Now I know Fred's password to hack Roboform!!!!

BUWAHAHAHAHA!


----------



## fredtgreco (Jul 22, 2009)

Semper Fidelis said:


> fredtgreco said:
> 
> 
> > and it goes without saying that the one password you should remember for these types of programs should be something random, like [email protected]*
> ...


----------



## tgoerz (Jul 22, 2009)

fredtgreco said:


> and it goes without saying that the one password you should remember for these types of programs should be something random, like [email protected]*
> 
> Once you use almost anything enough, you can remember it. *And you can always write it down and put it in a safe.*
> 
> ...


----------



## fredtgreco (Jul 22, 2009)

tgoerz said:


> fredtgreco said:
> 
> 
> > and it goes without saying that the one password you should remember for these types of programs should be something random, like [email protected]*
> ...



No. It is as much about being misplaced as being stolen. How many post-it notes have you lost in your life? Leave it in your wallet instead? That actually could get stolen.

But if I put that paper in my small safe, I always know where it is, no kid will move it or lose it, I won't accidentally throw it away, and anyone who steals it already likely has access to much more than it. And to secure it, I don't need to go to herculean heights. It basically takes me about 5 minutes to solve the password dilemma. That sounds good to me.


----------



## gene_mingo (Jul 22, 2009)

Not to mention, now we are seeing the death of SSL.

The ‘SSL strip’ exploit

It is much more refined than ettercap or dsniff/monkey in the middle.


----------

