
Simon Willison’s Weblog

The Anatomy Of The Twitter Attack. Long-winded explanation of the recent Twitter break-in, but you can scroll to the bottom for a numbered list summary. The attacker first broke into a Twitter employee’s personal Gmail account by “recovering” it against an expired Hotmail account (which the attacker could therefore register themselves). They gained access to more passwords by searching the mailbox for e-mails from badly implemented sites that send you your password in the clear.


2 comments

  1. Any suggestions on how this can be improved?

    I posted two security requests to the Gmail discussions; an option for disabling the security question and a deactivated secondary mail detection system (is this even possible?) or an expired mail registry.

    Torgeir - 22nd July 2009 16:25 - #

  2. Gmail just asked me to confirm my secondary mail:

    Hey, this is important: If you ever lose access to your account, you can send password reset info to [secondary mail].
    This address is correct | Update this address

    Torgeir - 18th August 2009 18:35 - #
