In case you needed yet another example of why a simple password can
come back to haunt you, a recently hacked Twitter account should have
you heading over to your account settings. Daniel Dennis Jones, who had
the Twitter handle @blanket,
discovered that he was not able to access his account and realized that
his password had been changed. After digging into the issue further, he
found an alarming number of security flaws and a lack of preventative
measures on Twitter’s end.
There’s a black market for Twitter handles, where commonly used names
are being sold for less than $100 or simply being handed out to friends
for what’s come to be known as the “lulz” — an Internet meme meaning
“just for laughs.” Turns out, this is exactly what Jones fell victim
to.
Jones’ entry into the world of Twitter jacking began on Saturday when
he was notified that his password had been changed. However, he was
still logged into Twitter on his phone and eventually was able to gain
access to his account via his email address only to realize that his
user name was changed to the very NSFW handle @FuckMyAssHoleLO.
Otherwise, nothing else on his account had been changed. After some
digging, Jones had discovered an underground network of young kids who
were jacking Twitter accounts with common (and short) names for pocket
change. @blanket, he found, was selling for only $60.
Jones recounted his experience in Storify: “Twitternames that would have high value due to brevity: @hah, @captain, @craves, @abound, @grinding.”
The medium through which @blanket and other hijacked accounts were
being auctioned off was, ironically, Twitter itself, along with a
forum called ForumKorner. If you visit the forum,
you’ll find anonymous individuals selling anything from jacked Minecraft
accounts to Twitter usernames.
So why is it so simple to crack Twitter passwords? First at fault
might be the user. Simple passwords that can be found in the dictionary
can be easily uncovered using the Brute Force Dictionary method. If
you’re using a password like “Zebra” for example, it’s only a matter of
time before the algorithm that rapidly inputs dictionary words to crack
an account eventually enters the correct password, “Zebra.” But in
Jones’ case, as he explained to Digital Trends, the password that he
used was not as easy to crack as you might expect. His was a combination
of a name and some numbers.
More notable is that the way Twitter built its login security makes it
easy for anyone with the right program to hack an account. What Jones
discovered was that Twitter only seeks to prevent a large number of
attempts to access an account from a single IP address. That is a
weaker system, and it makes accounts easier to hack. Most social
networks will only offer a limited number of attempts to access the
account itself. What this means is that simply by using multiple IP
addresses, through a proxy for example, and an algorithm that changes
the IP address (before the CAPTCHA pops up), an attacker can keep
trying to breach an account, limited only by the number of IP
addresses in use.
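
The difference between the two designs, as an added example that is not from the original article or from Twitter: a login throttle that counts failed attempts per source IP only, next to one that also counts them per account, both run over constructed failed logins spread across many addresses. The window, the thresholds and all names are assumed values.

```python
from collections import defaultdict, deque

WINDOW = 900           # seconds of history to consider (assumed policy value)
MAX_PER_IP = 5         # failures tolerated per source IP (assumed)
MAX_PER_ACCOUNT = 10   # failures tolerated per target account (assumed)


class LoginThrottle:
    def __init__(self, per_account=True):
        self.per_account = per_account
        self.by_ip = defaultdict(deque)
        self.by_account = defaultdict(deque)

    @staticmethod
    def _recent(times, now):
        # Drop failures older than the window, then count what is left.
        while times and now - times[0] > WINDOW:
            times.popleft()
        return len(times)

    def allow(self, ip, account, now):
        """True if the attempt may proceed; False means challenge or delay."""
        if self._recent(self.by_ip[ip], now) >= MAX_PER_IP:
            return False
        if self.per_account and \
                self._recent(self.by_account[account], now) >= MAX_PER_ACCOUNT:
            return False
        return True

    def record_failure(self, ip, account, now):
        self.by_ip[ip].append(now)
        self.by_account[account].append(now)


def constructed_attempts(n_ips=50, per_ip=4, account="blanket"):
    # Constructed sample: failed logins against one account, one per second,
    # from documentation-range addresses that each stay under MAX_PER_IP.
    return [(i * per_ip + j, f"198.51.100.{i}", account)
            for i in range(n_ips) for j in range(per_ip)]


def count_allowed(throttle, attempts):
    allowed = 0
    for now, ip, account in attempts:
        if throttle.allow(ip, account, now):
            allowed += 1
            throttle.record_failure(ip, account, now)  # every sample login fails
    return allowed
```

A per-account limit is usually enforced as a CAPTCHA, delay or second-factor prompt rather than a hard lock, because a hard lock lets anyone keep the real owner out by failing logins on purpose.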
There’s an underground, albeit rudimentary, economy for stolen social
accounts that may not be at the forefront of our minds like identity
theft and the sales of social security IDs, but does in fact
thrive. Jones was briefly immersed in the world when he went so far as
to talk to a purported Twitter jacker,
who was just 14 years old and who explained to Jones that Twitter was
particularly easy to crack when compared to a site like YouTube.
He also learned that some of these kids are contracting hackers to
hijack specific accounts, whether to use for themselves or to “give to a
girl,” which was the reason that @blanket was targeted. “These kids
decide they want a username and just sit there and wait for the jacker
to get it for them,” Jones explained. “One kid I saw on Twitter said it
took him 3 or 4 hours to crack a password for a username that he
wanted.”
If you’re using a vulnerable password, it’s really in your best
interest to change it fast. If your account is stolen, it’s unlikely
that you’ll ever get it back; Jones did get his account reinstated,
but likely only after publicizing his experience.
source : digitaltrends
Tuesday, October 2, 2012
Monday, October 1, 2012
Illegal Downloaders in Japan Face Two Years in Prison
Under a new law that goes into effect Oct. 1, Japanese internet users
who illegally download files face a 2-year prison sentence or a fine of
up to 2 million yen ($25,700), the BBC reports.
Theoretically, pirating just one file could land you in jail and — under one interpretation — using a service such as YouTube, which temporarily stores video files on your computer, could be illegal.
Downloading copyrighted material has been illegal in Japan since 2010, but it did not incur such penalties. Uploading, on the other hand, is a far worse offense, with a maximum 10-year prison sentence and a 10 million yen ($128,400) fine attached.
The law was passed under the influence of the Recording Industry Association of Japan, which cited a 2010 study claiming that illegal downloads in the country outnumber legal ones ten to one.
Japan has been at the forefront of the anti-piracy fight in recent years. The Anti-Counterfeiting Trade Agreement (ACTA), an international treaty designed to protect intellectual property rights, was first created by the U.S. and Japan in 2006. The treaty was abandoned after a strong public movement against it in many countries, including the U.S., Hungary and Poland.
source : mashable