Wired reports that the 18-year-old hacker (age is not relevant, but it is always fun for the media to point out that some “hacker” is still in his teens) responsible for breaking into Twitter's administrative account and gaining access to several celebrity Twitter accounts used a password cracker that busted through the weak password of “happiness” (here).
The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password “happiness.”
Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.
“I feel it’s another case of administrators not putting forth effort toward one of the most obvious and overused security flaws,” he wrote in an IM interview. “I’m sure they find it difficult to admit it.”
In other news, The Register wins the “best title referencing the Twitter hack” award of all time (here)…
If only they had Splunk deployed…
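As an added example (not from the post, and not Twitter's own code), here is the control the quoted paragraph says was missing: a per-account sliding-window throttle on failed logins, plus the same logic replayed over constructed auth log lines to flag the rapid-fire guessing pattern after the fact. The log format, account names and addresses are made up for the example.

```python
import re
from collections import defaultdict, deque

# Constructed sample auth log (not real Twitter data): "<epoch> <FAIL|OK> user=<name> ip=<addr>"
SAMPLE_LOG = """\
1231800000 FAIL user=support_staff ip=203.0.113.7
1231800000 FAIL user=support_staff ip=203.0.113.7
1231800001 FAIL user=support_staff ip=203.0.113.7
1231800001 FAIL user=support_staff ip=203.0.113.7
1231800002 FAIL user=support_staff ip=203.0.113.7
1231800002 OK user=support_staff ip=203.0.113.7
1231800500 FAIL user=alice ip=198.51.100.9
1231800900 OK user=alice ip=198.51.100.9
"""
LINE_RE = re.compile(r"^(\d+) (FAIL|OK) user=(\S+) ip=(\S+)$")

class LoginThrottle:
    """Sliding window: after max_failures failed logins on one account within window seconds, refuse."""
    def __init__(self, max_failures=5, window=300):
        self.max_failures, self.window = max_failures, window
        self.failures = defaultdict(deque)  # account -> timestamps of recent failures

    def allowed(self, account, now):
        q = self.failures[account]
        while q and now - q[0] > self.window:  # forget failures that fell out of the window
            q.popleft()
        return len(q) < self.max_failures

    def record_failure(self, account, now):
        self.failures[account].append(now)

def detect_bursts(log_text, max_failures=5, window=60):
    """Replay log lines through the throttle; report accounts whose failures would have tripped it."""
    throttle = LoginThrottle(max_failures, window)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, result, user, ip = int(m[1]), m[2], m[3], m[4]
        if not throttle.allowed(user, ts):  # attempt arrives while the account is throttled
            flagged.setdefault(user, {"ip": ip, "success_after_burst": False})
        if result == "FAIL":
            throttle.record_failure(user, ts)
        elif user in flagged:  # a success right after a burst: the guess landed
            flagged[user]["success_after_burst"] = True
    return flagged
```

With unlimited attempts the burst on `support_staff` is invisible to the login path; with the throttle the sixth attempt is refused, and the replay flags the account whether or not the password was weak.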
Does Splunk have password auditing capabilities that can run against web-based accounts?
Shameless plug for Splunk much, SimonSays? Last I read they were a log management company. Now if you wanted to scan for web application vulnerabilities you’d want something like WebApp360 from nCircle. Their enterprise quality web application scanning can be tested out using their free PCI Scan Service.
Did the Twitter admin change his password to “sadness” after he was hacked? haha