
Simon Willison’s Weblog

The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third party application—this was not the case, as Alex Payne explains in a comment.


2 comments

  1. Wired's Threat Level blog posted an interview with the college student responsible for the attack.

    Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal's account.

    Niall Kennedy - 7th January 2009 09:37

  2. He didn't even know it was an admin account until he was in, either. It's like he was trying door handles and got lucky.

    Playing Monday-morning quarterback is easy, but it does seem odd that staff use privileged accounts for their regular public Twittering.

    dmc - 7th January 2009 13:24
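The pattern the Wired excerpt describes (a long overnight run of automated guesses against one account, ending in a successful login) is exactly what server-side login telemetry should surface, and it is the kind of signal that would have been most valuable for the privileged accounts dmc mentions. The following is an added example, not code from Simon's post, from Twitter, or from either commenter; the log format, account names and IP addresses are constructed for illustration. It counts failed logins per account inside a sliding time window, flags any account that crosses a failure threshold (a lower one for accounts marked privileged), and records when a flagged account subsequently logs in successfully, which is the strongest indication that one of the guesses landed.

```python
"""Detect online dictionary/brute-force attacks in authentication logs.

Added example, not part of the original post. The log format below
(timestamp, outcome, account, source IP) and all values are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log: a burst of failures against one account that
# ends in a success, plus a second account with only scattered failures.
SAMPLE_LOG = [
    "2009-01-05T01:00:00 FAIL crystal 198.51.100.7",
    "2009-01-05T01:00:01 FAIL crystal 198.51.100.7",
    "2009-01-05T01:00:02 FAIL crystal 198.51.100.7",
    "2009-01-05T01:00:03 FAIL crystal 198.51.100.7",
    "2009-01-05T01:00:04 FAIL crystal 198.51.100.7",
    "2009-01-05T01:00:05 FAIL crystal 198.51.100.7",
    "2009-01-05T01:00:06 OK   crystal 198.51.100.7",
    "2009-01-05T01:00:30 FAIL alice   203.0.113.9",
    "2009-01-05T02:30:00 FAIL alice   203.0.113.9",
    "2009-01-05T08:00:00 OK   alice   203.0.113.9",
]


def parse_line(line):
    """Split one constructed log line into (timestamp, outcome, account, source)."""
    ts, outcome, account, source = line.split()
    return datetime.fromisoformat(ts), outcome, account, source


def detect_bruteforce(lines, window=timedelta(minutes=10), threshold=5,
                      privileged=frozenset(), privileged_threshold=3):
    """Flag accounts that accumulate too many failures inside `window`.

    Returns {account: {"flagged_at", "failures", "privileged",
                       "success_after_flag"}}.
    A successful login *after* the flag is the pattern the Wired story
    describes: an overnight guessing run that ended with a valid login, so
    those accounts should be treated as compromised, not merely attacked.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    findings = {}
    for line in lines:
        ts, outcome, account, _source = parse_line(line)
        if outcome == "FAIL":
            q = recent[account]
            q.append(ts)
            # Drop failures that have aged out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            limit = privileged_threshold if account in privileged else threshold
            if len(q) >= limit and account not in findings:
                findings[account] = {
                    "flagged_at": ts,
                    "failures": len(q),
                    "privileged": account in privileged,
                    "success_after_flag": False,
                }
        elif outcome == "OK":
            if account in findings:
                findings[account]["success_after_flag"] = True
            recent[account].clear()  # a legitimate login resets the counter
    return findings


def response_actions(findings):
    """Map findings to defender actions: lock the account while the burst is
    live, and force a credential reset (and session revocation) where a
    success followed the flagged burst."""
    actions = {}
    for account, info in findings.items():
        if info["success_after_flag"]:
            actions[account] = "force_reset_and_revoke_sessions"
        else:
            actions[account] = "temporary_lockout"
    return actions


if __name__ == "__main__":
    found = detect_bruteforce(SAMPLE_LOG, privileged={"crystal"})
    for account, info in found.items():
        print(account, info)
    print(response_actions(found))
```

With the constructed log, `crystal` is flagged on the third failure (the stricter threshold because it is marked privileged) and then marked `success_after_flag` once the `OK` line arrives, so the recommended action is a forced reset rather than a plain lockout; `alice`, whose two failures are an hour and a half apart, never crosses the window threshold. In a real deployment the same logic sits behind the login endpoint rather than over a log after the fact, so the lockout happens before the dictionary run completes.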
