
Simon Willison’s Weblog

The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third party application—this was not the case, as Alex Payne explains in a comment.


2 comments

  1. Wired's Threat Level blog posted an interview with the college student responsible for the attack.

    Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal's account.

    Niall Kennedy - 7th January 2009 09:37 - #
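The Wired excerpt above describes an overnight run of single-account password guesses, which is exactly the pattern an authentication log should make visible. The following is an added example, not code from the original post, from the commenter, or from Twitter: it builds a constructed log (the line format `<ISO timestamp> <FAIL|OK> user=<name> ip=<addr>` and the account names are assumptions), then flags any account that accumulates a threshold of failed logins inside a sliding time window and reports a subsequent success as a probable compromise.

```python
"""Detect a sustained password-guessing run against one account.

Added example for illustration; the log format, thresholds and names
are assumptions, not anything from the original post or from Twitter.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def make_sample_log():
    """Constructed sample log: a guess-per-second run against 'crystal'
    that eventually succeeds, plus a legitimate user mistyping once."""
    start = datetime(2009, 1, 4, 23, 0, 0)
    lines = []
    for i in range(60):
        t = start + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} FAIL user=crystal ip=203.0.113.5")
    t = start + timedelta(seconds=60)
    lines.append(f"{t.isoformat()} OK user=crystal ip=203.0.113.5")
    t = start + timedelta(minutes=2)
    lines.append(f"{t.isoformat()} FAIL user=bob ip=198.51.100.7")
    t = start + timedelta(minutes=3)
    lines.append(f"{t.isoformat()} OK user=bob ip=198.51.100.7")
    return lines


def parse_line(line):
    """Split one assumed-format line into (timestamp, result, user, ip)."""
    ts, result, user_kv, ip_kv = line.split()
    return (
        datetime.fromisoformat(ts),
        result,
        user_kv.split("=", 1)[1],
        ip_kv.split("=", 1)[1],
    )


def detect_guessing(lines, threshold=20, window=timedelta(minutes=5)):
    """Return (alerts, compromised).

    alerts maps user -> (time the threshold was first crossed, failures
    then inside the window).  compromised is the set of alerted users
    that later logged in successfully, i.e. the guess probably landed.
    """
    recent = defaultdict(deque)  # per-user timestamps of recent failures
    alerts = {}
    compromised = set()
    for line in lines:
        ts, result, user, _ip = parse_line(line)
        q = recent[user]
        if result == "FAIL":
            q.append(ts)
            # drop failures that fell out of the sliding window
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and user not in alerts:
                alerts[user] = (ts, len(q))
        elif result == "OK" and user in alerts:
            compromised.add(user)
    return alerts, compromised


if __name__ == "__main__":
    found, owned = detect_guessing(make_sample_log())
    for user, (when, count) in found.items():
        print(f"{user}: {count} failures by {when.isoformat()}"
              + (" -> later logged in" if user in owned else ""))
```

With the constructed log, only `crystal` trips the threshold (at the twentieth failure, 23:00:19) and is then marked as compromised by the following successful login; `bob`'s single mistake stays under the bar. The same per-account counter is what a lockout or progressive delay on the login endpoint would key on, which is the cheap fix that makes an overnight English-wordlist run infeasible regardless of how weak the chosen password was.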

  2. He didn't even know it was an admin account until he was in, either. It's like he was trying door handles and got lucky.

    Playing Monday-morning quarterback is easy, but it does seem odd that staff use privileged accounts for their regular public Twittering.

    dmc - 7th January 2009 13:24 - #
