Twitter gets hacked with poor passwords

Last week wired reported Twitter users falling prey to a password brute force attack. Yes you read correctly, a password brute force attack.

Wired:

An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News.

The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password “happiness.”

Although, the password ‘happiness’ wasn’t great, this password brute force risk could have been significantly reduced with an account lockout or captcha based system. It would be great to see WordPress offering these features out the box.

Random Posts

• WordPress 2.2 Vulnerability
• WordPress Upload File Plugin SQL Injection
• Distributed WordPress Password Guessing
• WordPress Pwnie Awards
• WordPress MU 1.3.3 Security release

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Copyright 2007. BlogSecurity. All rights reserved

• Home
• About
• Advertise
• BlogSec News
• Contact Us
• WPSCAN