Comments on: Brute force attack on Twitter

By: kfcguy

kfcguy — Mon, 12 Jan 2009 23:29:40 +0000

More entertaining version at
youtube.com/watch?v=AVMW3Dq2KSY

By: coffee

coffee — Sat, 10 Jan 2009 03:38:24 +0000

did the Twitter Admin change his password to “sadness” after he was hacked? haha

By: c0smic

c0smic — Fri, 09 Jan 2009 17:17:52 +0000

ahhaha .. i think i need to update my dictionary list .. “happiness” will be top 10 in the que .. lol ..

By: IceBrain

IceBrain — Fri, 09 Jan 2009 17:07:30 +0000

The best method is what PHPBB uses, imho: if you fail 3 password guesses you have to enter a captcha along with the password. The process would slow down so much that a good password would take days to find.

You could also, after 10 or 15 bad guesses, disable the login for that account and send an email with an activation link.

Even a dictionary attack would probably fail to find ‘happiness’ with just 10 tries.

By: bencoder

bencoder — Fri, 09 Jan 2009 14:39:59 +0000

Coderer: Awesome… so if I want to lock someone out of an account all I need to do is make a script to enter a fake password every hour or so.

By: monster

monster — Thu, 08 Jan 2009 22:47:34 +0000

my passwords are all as brute-force proof as possible, i have all my passwords set to zzzzzzzzzzzzzzzzzzzzz

By: steve

steve — Thu, 08 Jan 2009 21:12:45 +0000

@shadyman

I thought for sure no one else would get that sed joke.

sed -e ’s/hacker/cracker/g’

By: tecNik

tecNik — Thu, 08 Jan 2009 20:42:48 +0000

Tw[i/a]tter example:
“Today as I was walking down [address] I was frustrated about the number of cameras, rfid’s, etc that track my every move….”

irony-zing.

I keeps my knifes sharp incase I meet anyone that twitters about updating there blog. =/

(Excuse the double post > tags messed it up and with no edit…)

By: tecNik

tecNik — Thu, 08 Jan 2009 20:39:58 +0000

Twtter example:
“Today as I was walking down I was frustrated about the number of cameras, rfid’s, etc that track my every move….”

irony-zing.

I keeps my knifes sharp incase I meet anyone that twitters about updating there blog. =/

By: Coderer

Coderer — Thu, 08 Jan 2009 17:30:55 +0000

It’s *so easy* to prevent brute-forcing, yet few do — @TJ, who said “it’s not software vulnerability”… yes, yes it is. Three (/four/five) retries, then you’re locked out for an hour. Bam, I’ve solved your problem, where’s my big fat check?

By: Jake D. Hipster

Jake D. Hipster — Thu, 08 Jan 2009 07:55:13 +0000

“Since we know how much you all love twitter,”

Nice :)
I like that.

By: the game

the game — Thu, 08 Jan 2009 04:00:11 +0000

internet hate machine

By: Shadyman

Shadyman — Thu, 08 Jan 2009 03:58:21 +0000

@jkb:

It looks like you forgot the ‘g’ at the end. The comments still seem to be unchanged.

s/hacker/cracker/g

Fixed it for you :)

By: TJHooker

TJHooker — Thu, 08 Jan 2009 02:13:21 +0000

@#7: Maybe under some other ideology. The majority of them have no software engineering skills. They exploit stupidity; under your statement that insinuates the stupid people are in the social majority. Kind of makes sense I guess.

The most skilled person on 4chan probably runs metasploit or milworm modules. Which apparently fail because they got into myspace and a lot of other places by trivial means- such as weak passwords.

By: Drew

Drew — Thu, 08 Jan 2009 02:09:19 +0000

first palin now this, this is awesome no one is safe from hackers. you know if your famous its pretty much inevitable that you will get hacked it seems.