“Happiness” my new password for 2009

twitter_hack

Wired reports that the 18 year old hacker (age is not relevant but it always fun for the media to point out that some “hacker” is still in his teens) responsible for breaking into Twitters administrative account and gaining access to several celebrity twitter accounts used a password cracker that busted through the weak password of “happiness” (here)

The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password “happiness.”

Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.

“I feel it’s another case of administrators not putting forth effort toward one of the most obvious and overused security flaws,” he wrote in an IM interview. “I’m sure they find it difficult to admit it.”

In other news the Register wins the “best title referencing the Twitter hack” of all time (here)…

Advertisements

4 thoughts on ““Happiness” my new password for 2009

  1. Shameless plug for Splunk much, SimonSays? Last I read they were a log management company. Now if you wanted to scan for web application vulnerabilities you’d want something like WebApp360 from nCircle. Their enterprise quality web application scanning can be tested out using their free PCI Scan Service.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s