twitter security
February 21, 2009
Disclaimer: This is too long to fit in a twitter post, so I’m using my blog.
Introduction: For the past few weeks, when I’ve tried to use my twitter account I’ve been “locked out” and get this message from the website:
“We’ve temporarily locked your account after too many failed attempts to sign in. Please chillax for a few, then try again.”
Since I have not logged in to twitter in a couple of days, that means something or someone is trying to hack my account. I’ve noticed several of my friends have had their accounts hacked and used to post ads or links to harmful software and/or websites. I have yet to have mine successfully hacked; however, my password is currently fairly weak. (When I can log on to it again, I will reinforce it with a stronger password.)
The problem: twitter is open source software that provides its code to the public so anyone can develop web apps, iPhone apps, desktop gadgets, etc. that interact with their servers. This just makes it easier for scammers, spammers, and hackers to understand the system and what they need to do to get your account info.
How they do it: the organization or individual gets the tools from twitter to “develop an app” of some sort and uses them to develop an account hacker program that types in random usernames until it finds a legitimate username, and then tries to guess that user’s password using common words and number combinations (typically cross-referencing a dictionary database).
How to keep your account safe: this applies to twitter, facebook, or anything computer related, really. Use a strong password that is not easily guessed. It is important to use a password that you can remember; however, just typing in something like “dorothyKansas” (without quotes) is going to be picked up quickly by these password-guessing programs. If The Wizard of Oz is what you base your password on, I would recommend redoing the aforementioned password as “d0r0tH3k4Ns45?!” (without quotes). This is a process called leet speak, which replaces letters with numbers that resemble that letter. It is like when you’re in algebra class in grade school and you’re trying to spell your name out on the calculator. In this example, I’ve replaced the letter ‘o’ with the number ‘0’ and capitalized arbitrary letters (some, but not all, passwords are case-sensitive; case sensitivity adds much more security), then I replaced the letter ‘y’ with a ‘3’, since in the word “Dorothy” the ‘y’ sounds like an ‘e’ and an ‘E’ looks like a ‘3’. Finally, I added arbitrary characters at the end; using “!”, “$”, “&”, “*”, “+”, “|”, “}” or any other key on your keyboard is helpful (some sites do not accept some, or any, of these characters).
Notes on passwords: we look at an ‘a’ and an ‘A’ as the same character, and a space as nothing at all. After all, we’re taught from preschool that lower and upper case letters are the same thing; however, to a computer they’re not. Each character on a keyboard represents a command that you send to the processor, and when you push that shift key you’re sending an entirely different command. Thus, just capitalizing letters that you would not normally capitalize adds a whole other level of security to your password. Also, very few people think about the shift + number key characters, especially when it comes to passwords. Using these in your password helps as well.
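To make the two points above concrete, here is a small Python checker, added here as an illustration and not part of the original post. It estimates the brute-force search space from the character classes a password uses (the case-sensitivity and shift + number key point), and it undoes leet-speak substitutions before looking for dictionary words, because password-guessing programs apply exactly those substitution rules when they expand their word lists. The word list is a constructed stand-in for a real cracking dictionary, and the verdict thresholds are assumptions chosen for illustration.

```python
import math
import string

# Constructed stand-in for a cracking dictionary. Real tools use millions of
# words, names and previously leaked passwords; this tiny set only shows the idea.
WORDLIST = {"dorothy", "kansas", "toto", "password", "mountain", "dew"}

# Leet-speak substitutions that guessing programs routinely undo. The first
# four are the post's own mapping (0->o, 3->e, 4->a, 5->s); the rest are common.
UNLEET = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s",
                        "1": "l", "7": "t", "@": "a", "$": "s"})


def alphabet_size(password):
    """Size of the character set an attacker must try, one class at a time.
    Mixing classes (case, digits, shift+number symbols) grows this number."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1   # 32 symbols plus the space
    return size


def brute_force_bits(password):
    """Bits of search space if every character had been chosen at random."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def normalize(password):
    """Undo leet substitutions and case and keep letters only: this is what a
    guessing program sees before comparing against its dictionary."""
    return "".join(c for c in password.translate(UNLEET).lower() if c.isalpha())


def dictionary_words(letters):
    """Greedily carve the normalized letters into dictionary words,
    longest match first. Returns the words found, in order."""
    found = []
    i = 0
    while i < len(letters):
        for j in range(len(letters), i, -1):
            if letters[i:j] in WORDLIST:
                found.append(letters[i:j])
                i = j
                break
        else:
            i += 1
    return found


def assess(password):
    """Return brute-force bits, the dictionary words that survive de-leeting,
    and a verdict. Thresholds are assumptions for illustration."""
    letters = normalize(password)
    words = dictionary_words(letters)
    covered = sum(len(w) for w in words)
    bits = brute_force_bits(password)
    if bits < 50 or (letters and covered / len(letters) > 0.5):
        verdict = "weak"        # short, or mostly dictionary words in disguise
    elif words:
        verdict = "fair"        # long and mixed, but a word still shows through
    else:
        verdict = "strong"
    return {"bits": round(bits, 1), "words": words, "verdict": verdict}


if __name__ == "__main__":
    for pw in ["dorothyKansas", "d0r0tH3k4Ns45?!", "Mountain Dew"]:
        print(pw, assess(pw))
```

Run on the post's own examples, “dorothyKansas” comes out as two dictionary words and is rated weak. “d0r0tH3k4Ns45?!” has a far larger search space (about 98 bits against 74), but “kansas” still shows through once the 4 and 5 are undone, so the gain comes mostly from the length, the capitals and the trailing symbols rather than from the disguise itself.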
Conclusion: Many of the people hacking twitter are just looking to use you to advertise their site, product, or virus. They’re also lazy. The software they develop to hack you is only programmed to run off a database of words and commonly used characters. Basically, they cross-reference a dictionary database with your password entry field and hope they eventually get lucky. When we take the time to really secure our passwords, these people will typically fail; we’re not worth their time when they can easily hack someone less careful. It’s like being in a neighborhood you don’t live in with a laptop. You’re going to keep driving slowly down the road until you find the family that has no password on their wireless network before trying to guess the password on a network that does have one. Most websites have a fail-safe mechanism that locks the account when too many attempts are made on it, like my twitter account; this is great, but it is an untimely obstacle to the user, especially if it’s your bank account and bills are due today. Finally, the most important thing with passwords is being random; a randomly picked password has no affiliation with its user. If I love Mountain Dew, and everyone knows that, then my computer password very well may be “Mountain Dew”, “mt.d3w”, or “m0uT41Nd3M”, which would be good and solid against this twitter hacker, but not so much if someone were in my office trying to access my files for some odd reason.
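The fail-safe mechanism described above, the lockout that hit the author's own account, can be sketched in a few lines. The following Python is an added example, not code from the post or from twitter, and its limits (five failures inside fifteen minutes, a fifteen-minute lock) are assumptions, since the post gives no numbers. The credential store and the login attempts are constructed for the simulation.

```python
import time
from collections import defaultdict, deque

# Policy values are assumptions for illustration; the post does not say how
# many attempts twitter allowed or how long "chillax for a few" lasts.
MAX_FAILURES = 5
WINDOW_SECONDS = 15 * 60    # failures older than this no longer count
LOCK_SECONDS = 15 * 60      # how long an account stays locked


class LoginThrottle:
    """Per-account lockout: too many wrong passwords inside the window locks
    the account, and the lock holds even for the real owner until it expires."""

    def __init__(self, clock=time.time):
        self.clock = clock                     # injectable so tests can fast-forward
        self.failures = defaultdict(deque)     # username -> recent failure times
        self.locked_until = {}                 # username -> unlock time

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:              # lock expired: start fresh
            del self.locked_until[user]
            self.failures[user].clear()
            return False
        return True

    def attempt(self, user, password, check_password):
        now = self.clock()
        if self.is_locked(user):
            return "locked"                    # not even the right password gets in
        if check_password(user, password):
            self.failures[user].clear()
            return "ok"
        recent = self.failures[user]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                   # forget failures outside the window
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_SECONDS
            return "locked"
        return "bad_password"


def simulate():
    """Replay the scenario from the post: a guesser burns through common words,
    the owner is then refused with the correct password, and only after the
    lock expires does the owner get in. Returns the sequence of outcomes."""
    fake_now = [1_000_000.0]
    throttle = LoginThrottle(clock=lambda: fake_now[0])

    # Constructed credential store. A real service keeps a salted hash,
    # never the password itself.
    creds = {"alice": "d0r0tH3k4Ns45?!"}

    def check(user, password):
        return creds.get(user) == password     # unknown users fail identically

    results = []
    for guess in ["password", "dorothy", "kansas", "dorothy1", "dorothyKansas"]:
        results.append(throttle.attempt("alice", guess, check))

    results.append(throttle.attempt("alice", "d0r0tH3k4Ns45?!", check))  # owner, locked out
    fake_now[0] += LOCK_SECONDS                                          # wait it out
    results.append(throttle.attempt("alice", "d0r0tH3k4Ns45?!", check))  # owner, admitted
    return results


if __name__ == "__main__":
    print(simulate())
```

Two properties of the simulation match what the post describes: the guesser is stopped after a handful of tries, and the owner is refused with the correct password until the lock expires, which is the "untimely obstacle". Because anyone who can type a username can trigger the lock, services usually throttle by source address as well, and they should answer identically for unknown usernames so that the lock itself does not confirm which accounts exist.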
Keeping your passwords safe is extremely important in this time of digital identity theft. Any time you’re on an insecure website, you need to know that any information, passwords, or credit card numbers you provide on that site are at risk. However, taking just a few moments to think about the passwords we create can greatly increase our safety.
Final note: It is much easier and more convenient to have just one password for all of the websites you visit. After all, Facebook, Myspace, Twitter, Amazon, eBay… and the list goes on… they all require a username/email and password. If your username is your email and your password is compromised on one of these sites, then all of your sites are compromised. If an actual person is behind it, they may go and try that very same username/password combination on your other sites, leaving you very unhappy. I recommend purchasing a jump/thumb/flash drive that is dirt cheap, but good quality. Get one with just 1 GB of space on it; it’s more than you will ever need. Plug this into your computer, create a Word document, and put all your usernames and passwords together in that document. If you have MS Word you can password protect this file. Then save the file to your jump drive and store it somewhere secure in your home, like a safe. If you have other important documents on your computer, like tax information or anything with your social security number, this would be a good practice as well. Since most computers are still accessible when not being used, there is a reasonable amount of danger in leaving important information on that computer’s hard drive, unless you turn it off.
Digital piracy is the new craze for smart people who are too lazy to get a real job; however, if we take just a few simple precautions we can make sure we don’t get caught in the lifeboat without paddles.