Comments on: Explanation of How My Twitter Account Was Hacked

By: Tweets that mention Explanation of How My Twitter Account Was Hacked | Sue Waters Blog -- Topsy.com

Fri, 06 Nov 2009 04:33:27 +0000

[...] This post was mentioned on Twitter by Mitch Powell, Rebecca Ruhlman. Rebecca Ruhlman said: Explanation of How My Twitter Account Was Hacked: http://bit.ly/2UCLyE via @addthis This seems to be the consensus of what's going around. [...]

By: Gold Coins

Gold Coins — Wed, 29 Jul 2009 16:53:38 +0000

I do not think hacking is good because your giving huge problem to users. I hope this kid will stop hacking and to those people doing the same thing.

By: Jielea

Jielea — Sun, 03 May 2009 01:02:26 +0000

I have account in Twitter and i am afraid that my account will get hacked. This 17 year old should think about the damage it will give to users. “I am aware of the attack and yes I am behind this attack.” Is this really true? He feel proud about this. This is not cool.

By: Sue Waters

Sue Waters — Sun, 19 Apr 2009 15:55:36 +0000

Hi Cait and Damon – just letting you both know I’ve updated my post (again) to include Damon’s post plus more explanation of the attacks including the latest on April 17.

Unusual situation for me since I wouldn’t normally update a post as I prefer writing a new post.

PS I’m not sure about you two but twitters lifting of the follower limit which has contributed to an increased number of daily twitter follower requests is really starting to annoy me. Wish that twitter would make all our lives easier by including the users bio in the email.

By: Sue Waters

Sue Waters — Sat, 18 Apr 2009 09:33:53 +0000

@Cait technically speaking my non-geek status is in question because I was able to easily understand his post that was well written.

Would love to update my post however keeping up with my work load while traveling is hard. Writing a post for The Edublogger will be my top priority when I get a second.

@Damon yes was watching Twitter earlier and noticed some talk about another worm. At the moment I’ll stick to just using 3rd party applications for following people. I wouldn’t like to be twitter’s technical team having to deal with this security issues.

By: Damon

Damon — Sat, 18 Apr 2009 09:25:59 +0000

On a somewhat depressing side note, another variant of this worm hit Twitter on Friday (4/17). It only affected people with Internet Explorer and Twitter cleaned it up within a couple of hours, but simple evidence that security is an ongoing challenge.

By: Cait

Cait — Sat, 18 Apr 2009 09:19:31 +0000

Damon explains it very well, so your non-geek status is not in question

I think you can update your blog now.

By: Sue Waters

Sue Waters — Fri, 17 Apr 2009 12:56:30 +0000

Hi Cait, thanks for the link it was an excellent article and while I’m not a coder (as such) I know enough to be able to understand your explanation — and yes would like to update the post

Thanks Damon for dropping past. I did go over to your blog post and read it when Cait left the comment. On the scale of 1-10 in terms of extreme — this week has ranked as a 10 extreme week with minimal time . Traveling for 10 days to present at workshops and connect up with people. So it was fantastic that Cait dropped past to provide me an update with your post so that while I couldn’t update my own post I was able to learn why what happened happened without having to research it myself.

Was also nice of you to come past and explain it all in simpler terms.

PS don’t either of you tell anyone I was able to understand the coding type talk in your post — it will ruin my non-geek status LOL.

By: Damon

Damon — Fri, 17 Apr 2009 03:00:57 +0000

Hi Sue – Damon from the blog mentioned above ^^^^

As far as I know, Twitter finished addressing this issue on Monday of this week. As you saw, there were a few different versions of the worm going around. But Twitter seems to have contained them all at this point.

A summary of what happened is that on your profile you have several fields you can fill in – bio, name, url, etc. While that information is usually benign content, the worm author apparently figured out he could put some nasty code in there that would execute when you visited a hacked profile. Fortunately (it could have been worse), all the code did was post an update as you and then update your profile to include the nasty code as well.

Typically that type of code shouldn’t be allowed in those fields, but Twitter made an error somewhere that allowed somebody to put extra things in those fields besides your name and url. As mentioned, I think they’ve got it fixed up at this point.

Hope this helps!

Damon

By: Cait

Cait — Fri, 17 Apr 2009 02:45:04 +0000

Now this may be heavy going (for those who don’t read code), but it’s an excellent port-mortem analysis.

http://dcortesi.com/2009/04/11/twitter-stalkdaily-worm-postmortem/