Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Password != secure

Published: 2009-05-01
Last Updated: 2011-01-24 23:44:54 UTC
by Adrien de Beaupre (Version: 1)
1 comment(s)

Reading a story on how an attacker broke into the administrative interface to twitter was the following quote: "One of the admins has a yahoo account, i've reset the password by answering to the secret question. Then, in the mailbox, i have found her twitter password." Social engineering and good guessing trumps security every time. Twitter have confirmed the intrusion, so sad but true. No hacking necessary. I could probably rant for hours on the subject, but most of you know the story. Enough said.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Keywords: twitter hack
1 comment(s)
Diary Archives