|
|
Twitter Attack Vectors?
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
Had a friend who's twitter account got hacked yesterday, and I'm trying to figure out how it happened.
I'm hip to virus tweets, but this person doesn't really use twitter, so I don't see it having happened that way.
Any ideas?
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status:
Offline
|
|
His password was probably 12345
But seriously, it could have happened through getting his email account hacked. I don't have an answer. Just make sure you have two-factor auth on your Twitter acct.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
I'd be surprised if her password was any good, but do people actually still try brute force login attacks?
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status:
Offline
|
|
Years ago Twitter allowed it, and then shut that down. I only read about things as people write about them, so I don't know anything past that. There are other ways - like using the same password on Twitter as another site that got hacked. That's why all my passwords are different.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
This person has poor password hygiene, but I'm assuming twitter is the only account compromised because they used it for a phishing attack. If they had multiple accounts on this person, I'd assume they'd want to leverage those accounts, or look for more, rather than burn the asset looking for more twitter accounts to compromise.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status:
Offline
|
|
Question: was their account actually attacked, or did they have a third-party app with access to their Twitter account doing this?
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
No idea. I'm assuming the former.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status:
Offline
|
|
Ok, because a third party app can use your Twitter ID to send spam as well. Changing your password won't fix the issue.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
I'll check into that. Thanks, BTW!
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status:
Offline
|
|
my twitter was hacked, and I had a decent password. Don't recall if I ever knew the cause, just changed passwords. I use a "base" plus "codeword" system. It was sending spam to my contacts via PM.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
I use 1Password, but it's too quirky for me to feel comfortable handing it over to a muggle.
You're a wizard, Andi. You can totally handle it. I highly recommend you get either that or LastPass. LastPass is cheaper.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status:
Offline
|
|
LastPass is cheaper but doesn't have the same encryption functions 1Password does. 1Password wins in my book.
EDIT: Mavericks has a password storage system as well, but I'm still running 10.8 so I don't know how well it works.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Jun 2000
Location: inside 128, north of 90
Status:
Offline
|
|
apparently I bought 1Password with a macupdate bundle in 2011. Huh. Ok then.
Do you all use the dropbox sync for the data file, or does that defeat the purpose?
(
Last edited by andi*pandi; Feb 26, 2014 at 07:20 PM.
)
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
Use the DropBox sync. The keychain is encrypted.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Same here, 1PW with Dropbox.
-t
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status:
Offline
|
|
I suggest you use the DropBox.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|