Twitter #Hacked

timothy posted about a year and a half ago | from the coz-it's-a-hashtag-see dept.

Communications 111

theodp writes "Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."

Twitter (-1)

Anonymous Coward | about a year and a half ago | (#42769147)

Twitter twacked

Re:Twitter (0)

Anonymous Coward | about a year and a half ago | (#42769807)

All their users are by definition.

Did Yoda write this? (-1)

Anonymous Coward | about a year and a half ago | (#42769153)

"did security not specify"

Re: Did Yoda write this? (0)

Anonymous Coward | about a year and a half ago | (#42769235)

They meant "did not specify security"

Re: Did Yoda write this? (1)

G-News.ch (793321) | about a year and a half ago | (#42769837)

actually the sentence should be "...manager of network security did not specify...", so no, they didn't mean "did not specify security".

Re: Did Yoda write this? (0)

Anonymous Coward | about a year and a half ago | (#42770259)

I think it was a joke referring to the poor security on Twitter's part, as in "Twitter did not specify security."

Re:Did Yoda write this? (0)

Anonymous Coward | about a year and a half ago | (#42769259)

Speak this way, most of us do.

quick and dirty programming (2)

slmdmd (769525) | about a year and a half ago | (#42769161)

java app => cron: reboot/restart apache/jboss/tomcat : every week

Re:quick and dirty programming (0)

Anonymous Coward | about a year and a half ago | (#42770431)

I thought the same until I discovered Jetty. Never touched Tomcat with a ten foot pole since then.

Safari and Firefox (4, Insightful)

icebike (68054) | about a year and a half ago | (#42769193)

Who reads twitter with a web browser anymore? All quarter million of these accounts?
Or was that avenue used to gain access on a server to a password database or what?

TFA says

hackers gained access to Twitter's internal systems and stole information, compromising 250,000 accounts

They then reference an advisory from the U.S. Department of Homeland Security that users disable Java on their computers.

Maybe Twitter should follow DHS?

This sounds like half the story. And press accounts aren't much more informative. Seems everyone is playing this java angle
pretty close to the vest.

Re: Safari and Firefox (3, Insightful)

Anonymous Coward | about a year and a half ago | (#42769249)

Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

Re: Safari and Firefox (4, Informative)

tlhIngan (30335) | about a year and a half ago | (#42769519)

Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

They'd have to be both - as in a Mac running 10.6 or earlier since Apple removed Java from the OS and blocked old versions. Heck, a couple of days ago Apple blocked ALL versions of Java (they set the minimum version to 0.0.01 above the current one - Oracle just released it that was 0.0.02 above their previous version).

Apple basically kicked Java to the curb with Flashback - they removed their version of Java from the OS (by blocking it, requiring install of the Oracle one). And the Java plugin for Safari is disabled by default - you can enable it, but I believe it disables itself automatically 30 days later, so you have to re-enable it again.

Re: Safari and Firefox (0)

Anonymous Coward | about a year and a half ago | (#42769693)

It probably was not a coincidence that Apple blocked Oracle Java applets and Twitter announced this hack within a couple days. The G-Men were probably standing around supervising.

In any case, it's important to remember that developer systems are much softer than the public web servers. If a hacker can find a localhost:8080 URL, you might get owned.

Re: Safari and Firefox (1)

MacDork (560499) | about a year and a half ago | (#42775059)

Workers' computers at Twitter were compromised by a java exploit. If they were running Safari it's either oooold or they were using Macs.

They'd have to be both - as in a Mac running 10.6 or earlier since Apple removed Java from the OS

Twitter is staffed by web developers. Web developers typically use Java. I think you might be missing a third possibility.

Re:Safari and Firefox (1)

Mashiki (184564) | about a year and a half ago | (#42769333)

Who reads twitter with a web browser anymore?

Did osmosis and transmission into the brain by optical cable get perfected while I was offline in the last three weeks? Can you let us in on the secret...

Re:Safari and Firefox (4, Funny)

icebike (68054) | about a year and a half ago | (#42769359)

Who reads twitter with a web browser anymore?

Did osmosis and transmission into the brain by optical cable get perfected while I was offline in the last three weeks? Can you let us in on the secret...

Funny little thing happened while you were asleep Rip Van Winkle. Smartphones were found under a cabbage leaf and the world rejoiced.

Re:Safari and Firefox (4, Insightful)

93 Escort Wagon (326346) | about a year and a half ago | (#42769369)

Yeah, reading tweets on a little phone screen. That's a step forward, yes it is.

Re:Safari and Firefox (1)

Anonymous Coward | about a year and a half ago | (#42769729)

Yeah, reading tweets on a little phone screen. That's a step forward, yes it is.

Originally Twitter was supposed to be a SMS broadcast service to make it easy to tell your bros you were at the bar. 140 chars = worked on your shitty 2007 dumbphone. That was a step forward.

All the witty one-liner stuff, celebrities and politicians spewing talking-points, journalists spamming urls, etc, was an unanticipated side-effect.
 

Re:Safari and Firefox (0)

Anonymous Coward | about a year and a half ago | (#42770303)

Is 140 characters too much to fit on a smartphone screen? twitter was designed to be used from mobiles.

Re:Safari and Firefox (1)

Anonymous Coward | about a year and a half ago | (#42770957)

Reading tweets period is a massive step backwards. I'm thrilled we could slave to produce this "internet" you all are glued to, reading.....tweets. Awesome. Next time I'm going to engineer new lollipops, that seems to be more your(and the other tweet-consuming masses) speed.

Re:Safari and Firefox (1)

kdemetter (965669) | about a year and a half ago | (#42769611)

And how exactly is that not using a web browser ? It may not look the same way, but it does the same thing : it connects to a website ( using HTTP protocol ) , thus allowing you to browse the web. So it's still a browser.

However, being a browser doesn't mean it has to support applets.

Re:Safari and Firefox (1)

jkflying (2190798) | about a year and a half ago | (#42770335)

There's an App for that...

Re:Safari and Firefox (1)

IANAAC (692242) | about a year and a half ago | (#42772017)

There's an App for that...

That uses HTTP...

Re:Safari and Firefox (1)

mypalmike (454265) | about a year and a half ago | (#42775273)

>> There's an App for that...

> That uses HTTP...

to make API calls...

Re:Safari and Firefox (1)

RCL (891376) | about a year and a half ago | (#42770145)

So what. If I spend at least 8 hours daily in front of a (desktop) computer with an abundant screen space (two large monitors), why should I read tweets on my mobile device(s)? When I'm commuting, I don't have much time for that either.

Re:Safari and Firefox (1)

Tridus (79566) | about a year and a half ago | (#42770211)

Yeah, and overnight all the PCs in the world vanished like magic!

Re:Safari and Firefox (1)

Mashiki (184564) | about a year and a half ago | (#42770261)

Funny little thing happened while you were asleep Rip Van Winkle. Smartphones were found under a cabbage leaf and the world rejoiced.

Well someone already made the point, on smartphones and that tiny ass little screen. I mean really now, as you get older that tiny screen is going to get mighty tough to look at. So tell me again, why would I want to read something in a 4" to 8" area, when I can look at it on a 22" to 27" area in much better resolution without straining my eyes.

Re:Safari and Firefox (1)

icebike (68054) | about a year and a half ago | (#42772015)

If you need 22 inches to read a 148 character tweet you might as well get a screen reader to read them aloud for you. Or better yet, buy some glasses.

Re:Safari and Firefox (1)

sgunhouse (1050564) | about a year and a half ago | (#42769559)

Sounds to me like they have found Java exploits posted to compromised accounts, at a guess. They're advising people to disable Java so that their personal computers aren't compromised as well..

How much personal information is required to set up a Twitter account? I don't use it, but I'd guess not much. So what the hackers gained is 1/4 of a million places to post links to exploit sites - places that may have a wide audience (twitter followers).

Re:Safari and Firefox (3, Interesting)

foniksonik (573572) | about a year and a half ago | (#42769623)

And access to any sites using Twitter OAuth credentials.

Re:Safari and Firefox (0)

Anonymous Coward | about a year and a half ago | (#42770273)

Yeah, web browsers are only for old people.

Re:Safari and Firefox (2)

NotBorg (829820) | about a year and a half ago | (#42771463)

Who reads twitter with a web browser anymore?

Anyone clicking a link in a Twitter keep alive e-mail. Recently they've taken a play from Facebook and started spamming anyone they think might be losing interest in their network. If you're not actively engaged with a certain usage pattern you get mail.

Re:Safari and Firefox (1)

antdude (79039) | about a year and a half ago | (#42771897)

I read Twitter in my web browsers. I don't own a mobile phone. :P

Twitter should have known better (-1)

Anonymous Coward | about a year and a half ago | (#42769201)

Gay (TM)

Discrimination (0)

Anonymous Coward | about a year and a half ago | (#42769217)

I'm not happy about Oracle control over Java, but when Flash and Windows are (still) riddled with vulnerabilities after all these years, why has no quasi-governmental organization ever recommended that either of those be disabled or uninstalled from every computer? Only Steve Jobs took substantive, albeit indirect, steps to eliminate these obvious threats to computer security.

Re:Discrimination (4, Informative)

jones_supa (887896) | about a year and a half ago | (#42769229)

At least Firefox did the right thing and doesn't run plugins automatically anymore by default, with a recent enough Flash being an exception.

Re:Discrimination (0)

Anonymous Coward | about a year and a half ago | (#42769663)

No it's pain in the ass bullshit which decreases the security.

If you don't want plugins don't install them.
If you want plugins but only at certain times then enable and disable them manually.
If you want plugins all the time just leave them on.

But don't introduce a half-assed automagic double denial (in address bar and on plugin) that is only marginally usable for unimportant browsing by braindead people who shouldn't have the plugin at all and which otherwise for non-trivial use requires disabling other security and control functions like AdSense or NoScript, making manual about:config modifications, and restarting the browser all to load the service correctly and afterwards one has to do it all in reverse. Add temporary whitelisting if you're sadomasochistic.

Result:
Normal users wrongly assume someone will keep them safe.
Serious users have to wade through nonsense which makes them more vulnerable, least of all to the simplest of mistakes.

Fuck you Mozilla. Fuck you DHS. Fuck you Oracle. Fuck you Microsoft.

Anyone "impressed" by federal guidance on computer security is a threat to themselves and others. Fuck you.

Re:Discrimination (2)

pandronic (1275276) | about a year and a half ago | (#42769699)

Someone forgot to take their meds this morning ...

Re:Discrimination (1)

Anonymous Coward | about a year and a half ago | (#42769779)

You really shouldn't be calling other users sadomasochistic when you are running NoScript which breaks every other site. You signed up for this, so bend-over bitchboy, and take your configuration problems harder.

captcha: virgins

Re:Discrimination (0)

Anonymous Coward | about a year and a half ago | (#42770495)

Nice to see you back, APK.

Re:Discrimination (1)

Stewie241 (1035724) | about a year and a half ago | (#42770553)

Yes, and they did the right thing by allowing you to choose to still run Java. As opposed to Safari where it is blocked and they give you no indication as to how to go about reenabling it.

There are two things here that Firefox solves better:
1. They allow you to choose to override the denial so that you can opt to trust a particular applet.
2. They allow you to still use Java but you have to specifically enable/trust the applets that you need, rather than it being all or nothing.

Re:Discrimination (1)

Anonymous Coward | about a year and a half ago | (#42769765)

Only Steve Jobs took substantive, albeit indirect, steps to eliminate these obvious threats to computer security.

If by "took steps" you mean "died," then yeah you are right.

Re:Discrimination (1)

Anonymous Coward | about a year and a half ago | (#42770037)

Sometimes you gotta lead by example.

Re:Discrimination (0)

Anonymous Coward | about a year and a half ago | (#42773113)

This was the best joke I've read on /. in a long time. The next time I get mod points I am going to come back and upvote the shit out of this posting.

Re:Discrimination (1)

Tridus (79566) | about a year and a half ago | (#42770217)

Windows is far more secure than Java these days. There isn't a lot of active "load a webpage and your computer is owned" exploits going around, unlike for Java where it's a weekly thing.

And The Washington Post (5, Informative)

guttentag (313541) | about a year and a half ago | (#42769285)

A New York Times story today adds The Washington Post [nytimes.com] to the list of American news organizations whose newsroom computers were found to be communicating with computers in China on their own.

For those keeping score:
  • The New York Times
  • The Washington Post
  • The Wall Street Journal
  • Bloomberg News

Re:And The Washington Post (0)

guttentag (313541) | about a year and a half ago | (#42769321)

How was my post off-topic when the summary for the discussion ended with this?

Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."

Moderation abuse? Or are you going to claim the Chinese hacked your Slashdot account to mod my comment down.

Re:And The Washington Post (1)

GiantMolecularCloud (2825541) | about a year and a half ago | (#42769655)

Or are you going to claim the Chinese hacked your Slashdot account to mod my comment down.

How do you know they didn't?

I wouldn't put it past them quite frankly.

Re:And The Washington Post (2, Funny)

Anonymous Coward | about a year and a half ago | (#42769337)

Begun the cyber war has.

Re:And The Washington Post (1)

Tempest_2084 (605915) | about a year and a half ago | (#42771451)

Begun the cyber war has.

The seaman looks up and maneuvers the boat toward shore. He cries out "I have waited three ages for someone to say those words and save me from sailing this endless ocean. Please accept this gift. You may find it useful!"

Re:And The Washington Post (0)

Anonymous Coward | about a year and a half ago | (#42771889)

The cyber war began with Tuxnet and the West's sanctions on Iran, their invasion of Afghanistan and Libya. China and India were just not going to sit around and let the West take over the entire world. They've been pushed into this war. If only the Western countries stopped meddling in the affairs of Middle East and North Africa and let those countries get themselves organized (yes it will take a few generations), then China and India can also leave the West alone and concentrate on their own countries and neighbors.

And don't bother telling me that China would make war anyway. They've been demonized way too much by the American media and the amount of propaganda against China has totally brain-washed all Americans into believing the Chinese are Evil incarnate with plans to destroy America. The Chinese are much more interested in taking over their immediate neighbors rather than make war with the States, but the Americans' imperialism forces them to act otherwise.

Re:And The Washington Post (0)

Anonymous Coward | about a year and a half ago | (#42772245)

Wow, please pass whatever you are smoking onto me - it must be wonderful.

Re:And The Washington Post (0)

Anonymous Coward | about a year and a half ago | (#42769725)

Shite "newspapers" are shite and of course their computer security is also shite. I wish they had disappeared entirely. Poison sold and branded as nourishment.

Thumbs up to whoever attacked them and please don't stop (NaziGods? Fine by me. Anonymous? No problem. Lolcats? Nyaariffic. Anyone? Good).

Re:And The Washington Post (1)

quetwo (1203948) | about a year and a half ago | (#42770791)

Maybe the hackers just wanted to read the news before it was re-written for Chinese consumption...

Does it mean... (1)

BitterOak (537666) | about a year and a half ago | (#42769301)

I'm having trouble following this. If I understand correctly, if I had Java disabled in my browser already, then my Twitter account is safe? It's really hard to tell from the article.

Re:Does it mean... (3, Insightful)

mrbluze (1034940) | about a year and a half ago | (#42769327)

I'm having trouble following this. If I understand correctly, if I had Java disabled in my browser already, then my Twitter account is safe? It's really hard to tell from the article.

If you don't have a twitter account, you're safe. This exploit was not related to what is on your browser, it was on Twitter's servers.

Re:Does it mean... (1)

jones_supa (887896) | about a year and a half ago | (#42769511)

Makes me still wonder why the Twitter representative started to talk about disabling Java?

Re:Does it mean... (1)

sumdumass (711423) | about a year and a half ago | (#42769589)

I'm wondering how Java led to a server being exploited unless it was a computer inside their network that allowed remote access and an attack on the servers from within.

Re:Does it mean... (0)

Anonymous Coward | about a year and a half ago | (#42769757)

If you can control a developer's computer, you can find a way to own the Staging/Test/QA layer. After that, your exploit is pushed to Prod automatically.

Re:Does it mean... (4, Informative)

Tridus (79566) | about a year and a half ago | (#42770221)

Someone inside Twitter's network had Java enabled, and got attacked. Hackers are now inside Twitter and can start poking around.

Re:Does it mean... (1)

SumterLiving (994634) | about a year and a half ago | (#42770837)

I'z gots me guns likn the 2nd amandment sez i coods. Cantz I jus shootz dem hackers insidz twitter.

Java in a browser?? (-1)

Anonymous Coward | about a year and a half ago | (#42769309)

Java in a browser == party like it's 1999

"manager of network did security not specify" (5, Funny)

bill_mcgonigle (4333) | about a year and a half ago | (#42769317)

Well, one thing is for sure - the exploit was written with a context-free grammar.

Re:"manager of network did security not specify" (4, Funny)

VortexCortex (1117377) | about a year and a half ago | (#42769517)

Well, one thing is for sure - the exploit was written with a context-free grammar.

I one our free overloards context welcome for.

Decode shift-pop order via.

Re:"manager of network did security not specify" (0)

Anonymous Coward | about a year and a half ago | (#42769755)

"News" organizations that can't manage to properly report "news" even when they themselves are the "news". Skyscrapers of defecation pale in comparison to the toxic slush compressed into their heads and constantly regurgitated upon their toiletpaper.

Wash^WRinse^WRepeat repeat repeat repeat repeat...

So no, not entirely context-free :)

grammar-free context!, not context-free grammar! (1)

girlinatrainingbra (2738457) | about a year and a half ago | (#42769773)

Re:"manager of network did security not specify"
.
You say:the exploit was written with a context-free grammar.
.
I say: the article was written with a grammar-free context!
;>)

Re:grammar-free context!, not context-free grammar (0)

Anonymous Coward | about a year and a half ago | (#42770701)

You got the joke. Congratulations! /golfclap

Re:"manager of network did security not specify" (0)

Anonymous Coward | about a year and a half ago | (#42769781)

It appears Twitter's manager of network... [sunglasses]... *didn't* security. Yeaahhh

bad things do happen in threes (0)

gQuigs (913879) | about a year and a half ago | (#42769329)

really slashdot? Yay for superstition..

I guarantee that more than three organizations have been cracked in the last week.

It reminds me somewhat of Tim Minchin at minute 2 in this video: https://www.youtube.com/watch?v=ET1-_PeExMs [youtube.com]

/rant

WTF does (0)

Anonymous Coward | about a year and a half ago | (#42769347)

"vulnerabilities related to Java in Safari and Firefox" have to do with twitter's "internal systems"

sounds more like some twits with old java plugins got their passwords swiped by malware, which is nothing new these days.

Re:WTF does (1)

Tridus (79566) | about a year and a half ago | (#42770225)

"Old" as in from two days ago?

Or maybe it's another unpatched Java flaw being used. Those are a dime a dozen.

Re:WTF does (0)

Anonymous Coward | about a year and a half ago | (#42770549)

"Old" as in from two days ago?

Or maybe it's another unpatched Java flaw being used. Those are a dime a dozen.

"Old" as in they haven't been updating their systems with newer Java updates, not even the one from a few days ago.

Dangit China!... (0)

Anonymous Coward | about a year and a half ago | (#42769443)

Stop hacking our S**T! We already got North Korea to worry about...

And... (3, Insightful)

Anonymous Coward | about a year and a half ago | (#42769459)

nothing of value was lost

Re:And... (-1)

Anonymous Coward | about a year and a half ago | (#42770229)

Got that right. I received the twitter email last night and at first I thought it was phishing/spam, as I completely forgot I had a twitter account. Turns out I registered in 2008, tweeted exactly 3 times ("check check", "is this thing on? tap tap", "hello, world") and promptly forgot all about it.

So, truly, nothing of value was lost.

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account.

You'll need to create a new password for your Twitter account. You can select a new password at this link:
https://twitter.com/pw_rst/[redacted]

As always, you can also request a new password from our password-resend page: https://twitter.com/account/resend_password

Please don't reuse your old password and be sure to choose a strong password (such as one with a combination of letters, numbers, and symbols).

In general, be sure to:

        Always check that your browser's address bar is on a https://twitter.com website before entering your password. Phishing sites often look just like Twitter, so check the URL before entering your login information!
        Avoid using websites or services that promise to get you lots of followers. These sites have been known to send spam updates and damage user accounts.
        Review your approved connections on your Applications page at https://twitter.com/settings/applications. If you see any applications that you don't recognize, click the Revoke Access button.

For more information, visit our help page for hacked or compromised accounts.

The Twitter Team

East Indian Shitpile (-1)

Anonymous Coward | about a year and a half ago | (#42769545)

Sad about java but that's happens when you hire East Indian slaves to turn your codebase into a shitpile.

Oh, well.

Corporate Responsibility (0)

rueger (210566) | about a year and a half ago | (#42769613)

I don't know (or specifically care) if I'm among that quarter million users, but it would have been peachy keen if Twitter had taken five minutes to e-mail their friggin' users to tell them.

Re:Corporate Responsibility (4, Informative)

rwven (663186) | about a year and a half ago | (#42769985)

They DID. My account was compromised. I got an email.

I call foul. (1)

rwven (663186) | about a year and a half ago | (#42769981)

I call foul.

I don't even have Java installed....and yet my twitter account was hacked due to a java vulnerability? I got one of the emails saying my account had been compromised...but according to this, that wouldn't have been possible.

Someone's mistaken...or lying.

Re:I call foul. (1)

rwven (663186) | about a year and a half ago | (#42769993)

Also...I -only- use Chrome, and nothing else. Yet this was supposedly a Safari and FF specific problem?

Re: I call foul. (0)

Anonymous Coward | about a year and a half ago | (#42770295)

You did nothing wrong.

Someone, or more than one person, at Twitter was hacked via Java. Accounts that were compromised may have been sending Java exploits when people viewed them.

Re: I call foul. (1)

rwven (663186) | about a year and a half ago | (#42771177)

Ah! That makes a lot more sense.

Re:I call foul. (1)

ScentCone (795499) | about a year and a half ago | (#42770813)

You're confused. It wasn't a Java hack on YOUR computer, it was a Java hack on a machine internally at Twitter, via which accounts were snooped. Relax.

Re:I call foul. (1)

rwven (663186) | about a year and a half ago | (#42771187)

*relaxes*

Thanks for the clarification. I'm feeling a little sheepish now.

Re:I call foul. (0)

Anonymous Coward | about a year and a half ago | (#42771973)

*relaxes*

Thanks for the clarification. I'm feeling a little sheepish now.

Don't flatter yourself. You are way dumber than a sheep.

Now hand over that fake-ID equivalent nerd card you made out of tissue paper.

Rubbish (4, Informative)

Frankie70 (803801) | about a year and a half ago | (#42770007)

If a security hole in Java running on a Twitter user's browser allowed someone to get to Twitter's internal data (i.e. not just the data of the user whose browser had Java) - then it's a security hole in Twitter.

I think Twitter is being dishonest here.

Re:Rubbish (1)

prunedude (806692) | about a year and a half ago | (#42771803)

Exactly. Can someone explain how this is NOT the case?

That would mean... (1)

thetoadwarrior (1268702) | about a year and a half ago | (#42770067)

How can java and safari be to blame? Unless of course an employee was surfing porn or something questionable and his PC was hijacked but I would say the problem is with twitter not doing more to protect their employee machines and network.

Re:That would mean... (1)

Tridus (79566) | about a year and a half ago | (#42770227)

According to an article here a couple days ago, online ads are more dangerous than porn. Considering how many flaws there are in Java, all you need to do is get some code on any website someone visits and you can root the machine. The idea that the Twitter user was doing anything inappropriate at all is just speculation.

Re:That would mean... (1)

thetoadwarrior (1268702) | about a year and a half ago | (#42771239)

I agree it is speculation and you're right about ads. But either way, I'm glad I use Linux without Java.

Re:That would mean... (0)

Anonymous Coward | about a year and a half ago | (#42772183)

surfing porn or something questionable

Or playing those pesky computer games my mom always complained about when the computer didn't do what she wanted or as fast as she wanted.

Everyone knows that's how you get hacked. Games, porn and 4chan.

Clear text passwords (1)

drginge (963701) | about a year and a half ago | (#42770521)

It's unclear why twitter are resetting passwords. Is it simply a precaution as the password data is encrypted and useless (as it should be)? Surely in this day and age Twitter aren't storing passwords in clear text?

Re:Clear text passwords (1)

quetwo (1203948) | about a year and a half ago | (#42770817)

According to their report, they were encrypted with different salt. But given enough time and computing resources. I imagine that they would go after the better known celebrities first, but you never know who would be caught in the crossfire. Expiring the passwords was a good move since even if the passwords are decrypted, they can't get into your twitter account.

Soft targets? (1)

cabazorro (601004) | about a year and a half ago | (#42770595)

The pattern reveals media and social companies as the low hanging fruit. As long as they don't do a big hit on the 3 big ones: Apple, Google, Amazon then there is not much cause for alarm.

free software downloads (-1, Offtopic)

Nasi Ali (2831337) | about a year and a half ago | (#42770745)

download free software, watch latest Hollywood movies online, live TV channels http://freedownloadlab.blogspot.com/ [blogspot.com]

We've been hacked! (0)

Anonymous Coward | about a year and a half ago | (#42772761)

We've been hacked because of our inability to deal with known java vulnerabilities - quick say it took advanced techniques and blame the Chinese!

How is their head of network 'security' still in a job?

Java vulnerabilities in the BROWSER? (1)

mr_mischief (456295) | about a year and a half ago | (#42773691)

No. Internal systems that are secure do not get compromised by rogue clients.

Could it be that someone used Java in the browsers to snatch credentials from users on their local machines? Sure.

Could someone infect a browser and that cause Twitter's network to be insecure? No.

Call me web 1.0, but... (1)

R3nCi (2729667) | about a year and a half ago | (#42773731)

This is an awfully good illustration of one of the many reasons why I don't drink the social-networking Kool Aid. I make exceptions for Goodreads and RateYourMusic, plus a few forum accounts, but that's it.

Hack twitter? (0)

Anonymous Coward | about a year and a half ago | (#42774639)

That's like having your grass clippings stolen.
