Here’s how the current security ecosystem works: benevolent or malevolent security experts find a vulnerability, the tech press covers it, users get upset, and the vulnerability is patched quickly. Today, a key Twitter vulnerability has been made public, and we’d sure like to see it fixed. John Herrman over at Buzzfeed details the seedy underbelly of the internet where Twitter handles are stolen and sold, often for under $100. The scariest part? These Twitter handles are being hijacked with the most basic hacker technique: brute-forcing the password on Twitter’s own public site.
Hackers who want an “OG” (single word, desirable) Twitter handle only need to appear as though they’re trying to log on from different IP addresses. Most websites use CAPTCHAs to prevent repeated logins, but Twitter only prevents large numbers of login attempts from the same IP address. It’s easy to route your IP address to look like you’re coming from a different computer, and that’s the approach these Twitter hackers use. Of course, when resisting a brute force attack, it helps if you’ve got a secure, uncommon password that’s pretty long. If you’ve got a great Twitter handle, you should be using a secure password.
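The gap described above, shown from the defender's side as an added example (not code from the article or from Twitter): the same constructed login events are replayed through a failure counter keyed on source IP and one keyed on the target account. The thresholds, the event layout and the documentation-range addresses are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # assumed sliding window
MAX_FAILURES = 5       # assumed failures allowed per key inside the window

def refused_attempts(events, key_index):
    """Replay login events in time order and return the ones a limiter keyed on
    event[key_index] would refuse (1 = source IP, 2 = target account)."""
    failures = defaultdict(deque)          # key -> timestamps of recent failures
    refused = []
    for event in events:
        ts, _ip, _account, password_ok = event
        recent = failures[event[key_index]]
        # Drop failures that have aged out of the window.
        while recent and ts - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            refused.append(event)          # throttled before the password is checked
            continue
        if not password_ok:
            recent.append(ts)
    return refused

# Constructed sample: 20 wrong guesses at one handle, each from a new address,
# plus an unrelated user who mistypes once and then logs in.
guessing = [(i * 10, f"198.51.100.{i + 1}", "og", False) for i in range(20)]
owner = [(5, "203.0.113.7", "alice", False), (20, "203.0.113.7", "alice", True)]
EVENTS = sorted(guessing + owner, key=lambda e: e[0])

if __name__ == "__main__":
    print("refused when keyed on IP:     ", len(refused_attempts(EVENTS, 1)))
    print("refused when keyed on account:", len(refused_attempts(EVENTS, 2)))
```

A per-account counter also slows the legitimate owner while guessing is under way, which is why sites typically answer it with a CAPTCHA or similar challenge rather than a hard lockout.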
Take a look at the whole story over at Buzzfeed.