|
|
|
Twitter Hacker Abused Yahoo to Get Administrative Access
By: Brian Prince
2009-04-30
Article Rating: / 1
There are 1 user comments on this Network Security & Hardware story.
A French hacker claims to have accessed Twitter's administrative panel by breaking into the Yahoo e-mail account of a Twitter employee with administrator access and stealing the employee's password. The hacker reportedly was able to view data belonging to President Barack Obama, singer Britney Spears and actor Ashton Kutcher.A French hacker reportedly used social engineering to get Twitter
administrative access and posted screenshots of data belonging to several
high-profile celebrities.
The hacker, operating under the handle of Hacker Croll, posted 13 screenshots of
Twitter's admin panel. The screenshots include internal data for accounts
belonging to a number of high-profile figures, including Ashton
Kutcher, Britney Spears and President Barack Obama.
Officials at Twitter have not yet responded to requests for comment. Still, indications
are that the screenshots are legitimate and that the attacker may have
hacked into an administrator's account by first breaking into that person's
Yahoo account and stealing his or her Twitter password.
In a post in an online forum, the confessed hacker said he used social
engineering only"no exploit, no XSS vulnerability, no backdoor, no
sql injection." The hacker wrote:
One of the admins has a yahoo account,
i've reset the password by answering to the secret question. Then, in the mailbox, i
have found her twitter password.
The reported hack follows a wave of worm
attacks against Twitter earlier in April. In that case, the worm was more
of an annoyance for users and is not thought to have caused any actual harm
beyond sending spam.
Enterprises are increasingly worried about the impact social networking
sites like Twitter,
Facebook and LinkedIn can have on their security. According to an online
poll conducted by Sophos, 63 percent of the 709 respondents worry employees put
corporate data at risk by sharing too much personal information via their
social networking profiles. The poll also found a quarter of the respondents' businesses
have been the victim of spam,
phishing or malware attacks via sites such as Twitter, Facebook, MySpace
and LinkedIn.
Facebook was just hit with a phishing scam earlier the week of April 27 that
attempted to trick users into giving up their Facebook credentials. The scam
begins when users receive a message with the subject "Look at this!" that
contains a malicious link. If users click the link, they are redirected to a
spoofed log-in page.
Sophos
advises organizations to make sure all employees are aware of the impact
that their actions could have on the corporate network and consider filtering
access to certain social networking sites at specific times. In addition,
businesses should review their settings regularly to ensure that users are only
sharing work-related information with trusted parties.
"By adopting a more holistic approachincluding investment in greater
security and control solutions, as well as offering comprehensive user
educationorganizations will be better equipped to deal with social networking
risks," Graham Cluley, senior technology consultant at Sophos, wrote on a
blog.
|
|
�������x}ks8q�8c"�)%[dy-%n�EB��%)�˩'o�Ћl'IflK���B7?K�i;acqE1�>=zg{HRmo履��M#T3J.��:Aj&!:,t�}w5�k9��25���z=�>�;|�9|@Dj��%�j'AU1c{zu_6ژ2zٱ9گ1�f��E63JG�}9Dm@�~5;�sV3�!&H}8�K�_r�Q�;i�EGac�o~{Xe�3��76m( ��)�^b&{�Be4��%�;^7S���FV����X]~�j4Lߵ��Z~�8�
b'*#O^3l��b�H�A5a�9p<�v4�#A%�;q@ؓ�Y�*8N.J^tX�}:|p��x09Ri J%jfMM�yf��_%z�0s�w
n04�p;܀brCNeC~#�k7� -� �Fֶ�?+�Q�"**R>z�j� I��%�Pa0c5Cr�Ija�>E�4bEQrH,'I!?Zu$uyX&�R.*C A-�t�㝩S9k<_rܴ.�ݛ�9^FCCRL-rG=����j�iT��%%�FI&�u:%�Io7o�N��47QZh,7/3$d|rZ~@X
,>JAͬ���4��o��o SE@�-�ujg��kU���ykQ
4�3@_x0F�D93滋Sf�I�U3(,e��gy M���H��:Ɯ5Ŧ]`)exJ��$%/^PEP샚_[�2jJTw1K7CD� r2#~�B(��PHQ��>�b/\f~�
fy՜(�YWf.�o�r�<�Κf.~4{y�T��364>P�,I�!eݴ%�mQMm{Q-�c1x+EY��ܡ;=|�Qnىl�2X��bXvP7HYAV݇`: i��vڔzjS�OaΦաfۉ!9~��4D�AC66^lzK�4}b���>'ݨä��p�V83
5fCuәݰ�=��U�ԇ9[ͨ`�I
�l"�v|3c)м`y�&nAܙ@[S衟�#]ӽ�:��?@����������2/?6�f�xşP�}M�rA=S9;ʹiǀxԘ�0$72Z %n.G)$C�]Pv9�B�
B�!L��0 H��V�(V� a�+B
.��u@�GR�;�X|(�5a`b -x[b�~I�Lg2+YPv/[LboD��K7�]�,�S�m�3-m�u{VKy�6
��ʳZ`L�ơ�yJSr!�G@)&a*d6�ҲG�c�0`�,�1 7R��iBI1?,x�P7G#S7a�<:ڤ"Tl2q)(�f+7/�T�Rԛ��Ȣ�&5Ss[:dfLAuϙ2h� Jd@`WrfƦ.pwGeҳ{>�Ijki�/�UsHj�`>��7nZATM��2�t�͏E=kb�$`~��
?L2f��ˣ(�U2LF%?Io�k���SsdR6qoaVT9ȹ�#��7~�՜Z>VRP(,[,D�1ȁ2n?�ҢMVREj6N��ЃX`�i�h�
f:���3?�RlC48c$4(̕6A�XXPQ��- ���f ���%�lDo2tJ.,�k>uM^^X+YsuMٕ.R-}2Gt4]7#�V!0�(|pD30`Lji7!IF+EU�T7q2,�syEq?O~�6��=2eX]2X�rFe9A�5n\I�Rw]t)E1Y�8��
n9z6|��J 0FBċV٩R�lQؼ;(k�N�4:E�80�9Ni-6q�$�TJ _
֚p성 �.}"}-v9
��F�07�f/|P"X
8�lkC����LΧRETƸ���~��h�bAZ�qSE��nA$_�
VT!RB3�=?w�2_!��*~7�9~:Tʕ|R=�(qA)˨h��*(S$i|0ȁ3���|:0Nܷ7T�Fn�?;��Jo�o���^:J3;�g�,`�� |�/,yj�ȗaE�Ӆ
Z?_Q@V:6őG@=q?@TEetXܚ 0��(E{耰�⢉�!H{3����4�pý22U\zT
u;O/. v�|vKF�A[$�`@"�KjZ�Ev��*b5�6>
�09Nf~+ӥ��
[ݮ�#fU5>L*k}��\UrJ^a߯YQ�X^ :������i3
9���wqߎ�XA�m�k+sD
�ü�
�|30Jјlhwl^Qm(}�gn�L[t7up]goZ7@kEP7ƹ�6<�sƃ~�wB�Y@FH_
ϼ��BN�7xlx��P�v;��]Qbb蟗/�9E�W�|փ�[36PߙW4TMg�rXA70p���&��?ۙ+7~3esr6�_�?�M=�[LG�zɖ0
0]sK��l\7�b Z 1����Tow\Kp;Ѝ쪟q#�ta7pՙ+J�{wi�ŏhȇ�rnfُCjQ� �qSg�R%�y�Vp8ȫ4X+�#t�0�/�7" ތb��l[
e|פt�ՕK��Oe3q1�8@X=�y}�`6
�5]sJ�_n@�1T}fa2N4{�ae\&LX4@�Z��*͐[YQa'.S+%,< ���<�d�U4^�U&.R�.xTIƝ
RAU� U`r\�eO�a#1
�ƈ���Q@
ʃR< GYdA��|a+R?,p,g(
�l9H(P Yr>Gɷo��fCmCXp|
^?I�H�HD�>DQkZ\{e"��nx|*n�gF�Dssbh^js~`�zVr��]�
-��$P�) WA�h�x/O00<�qt"Jatj/H^eg˾tV�t�z5�O_u{~{y[�|L.~A`�}�݇?V�0�hq'uhvD��-ί/�RS?oS,/M[Uez�NR(��1Y�bwm\ɾRzQ^�ta
g0F@q�ɁtnGԯ[bO5?wLڭ˦u�߽�<�rLp�B[G,=
Y#BlfS \�vpgA�Ȕst_z0LQ}����B_�KѼĂ!KQל$�"J*\N3$nP�%]?8фWko#8
�Bb.�3ۿ!lB<ևA���5@�kNF4Zvct{Qfpmw}h��!�酘:%�e�}E/ciA�I"Q6#=)#�hYyڽsKج��}AF_�֧f�[Xo)�?Oů1O&�8��~�ɮP6�hL�Uf:nh} �!)����V��l79/g�`1Yppz�K1xc�.A-Xly
zsD&aP;DN[3pq*hhw?��%{ݝ&�h�gIs ��ذq�;eΫ� Pf|f��v�,N�ݗ�W�3l{Rѵl�js2M �.`��g�h;[�R��r'x"64�lY7y"Kx�~4qjܘƘ��9X�j8:�˲1q>~<,�?4f8?n5_~_�&'MЯ�>� [0;#|&~6x�_GM{@uS棏g�
ڝ9�j�rĸ~jUs=lK_5?K�{vOKr4�]9fn'�Ucd{I2ӱ$Bd�Eͪ2�ʾZEVdΜtٓsx|4r�,�#Q�d1��P2QtI�JG3[g̞�x~KW�bR�c8_�C�?����w.er@r@pSx&{ZgEQJ=�qu@kjqR\�?//s`\T�zH^8�Xڃ}coD:*pc^M�m`��\qlĨ`b�x?�9�3fdl3_}X`ˤ⯷z�{⟬_q��K&~g!ooe�˹t�w�O;{�:l0���s!կ3%_x&Φ)exs8�ӟ�ϩmR�oz$�+*D� }u��pa\t<ĉ������q\7]~�.�NĽ1}�iDk_�WlL꼤�
#E~mS 1s&2�?KY�3abF�vqx/Naq0F�Qn*�a|��m;)zb<9z#Cq
$�f�0X`�1;!Y܁Idy§�cU�[�%y�0%|K}g�~l47d�P��b 2ڷc-�%��&đ (+�(r_3,v0
F�/�L5v,Bg(MdjJ,l�v1 {?oA$e2KR&q�S n{%_>,+�A|bR)�+aX*
&P:+G6�Zϫ˚�ZwҕAR��H{G �GDg5[R�yE��Ǔ,�E��AXh#,a-xDv��RYO@8��\۾�kv�ER*G�SG})ay8$g,l��'�SK�
� �O0͈tt8R�MV|,* &`
,Z�?}"�DT�I �a�[$EV+�+o �N#Q(4'0ᶌ)F�8�B[R�+��&G*9K�� a�%��ھ }��2�@C4Txq]$2 s�&P@�R}�ۓRWJ
!)9"�����zcXK�쬲B� ����t1m@*߅�'!:vAmߒK?9O[D�$>�@fb�H��.ws
^�廠�1킅.���Ř�&%BЕ��Cā%��M
okd\:�m&�-�v
0���@D�y),�eԵ�*mgjN1� �mRt(�0��䱛I�����/cW
>`oFj<��QН^۩vSx@�`a�ܛ8tY�UX7�8|�!�wavEͪE�*j�� �2,�3)IWNm�תuҁգ3(�|u!w7 5Ԓ@+ly�zR:~:.�ȟr�ݷ�T|�#
�ȿ2np9rO|�gv]lW"
fOߘo{�5BQt/&ka*2$;1יLHJ�~P}Aͼ>V�4d
nY�[`cXˍ�E90m5m�Y֣S玮d5|VR�jj$&24;BP��� d^k�©وj|ubC$4F87?�/~
S)c2] Jf�9L9h`
�n�E1��'j��1��;>92�1W9(cA�5�~//u~����sȗy�ꖵ\�'K��}c>^4bVd=-DO?\u'@vQ]Q
f6o�7.��:̒vKC.8,̛E{� Dc6r
�C�
|9@G)�[1HS�bͻ^0G_'uB~b�C:L:_�8<�d5B&t�85���{�nrl6�-�'D#�(9�Q��r�z�x�z^-�1ш�x0a6c�1�^w] :C�:ȑ0�|趮��#D[/d �6C�H$6��g8F�l|�>_c�(�M�9.tq"�@�[� g
��#��?B5D���*%Bmn$>�tϬϐ)
&�X`��k�t-�5J
�ѦqP`nN�l85�$pYǥ}-+j9;�Y0�Dz��f>�in0�(X�&]B$��!%�H$b^�9a~cmrD7=}>�V�Su/����{x���hZ'e~:0N;���Io�IO�I��賓B�N
}"^�H)CS;PI)LK�L..ȟn|ȗ+�R�N�2�2>_?Ao�}O�P!�!e|���Rw�7i@7){�ߤ�wBI]'I)z�)|V
)��IJy1S;Ib Ee৴rXB]�By<+<^`]k W)x.3�{ 1�[?[ZWFr]!,.eqp+W�^6im4�vˋa7q_l �_zi�
k{p��sL+��>2l?V\[[,Oн�ۺ{'gϝ9i҇�se=n��7[O'i��krhxȝG-�9'чfn:, ��4!=}mv}oND1K�.1_w)�Q�o�e*m3?�`$Z =��7]�6ppSݮ%�gpK|�*2��Ӛܴ_HkTl<-u&j\a9f(-rAn�]��͇f>}=xC/˥ʯ��U>5O_��Ҽ�W&{hϦ6%�xa$l1A�Щ
|�hn0�3!Mb�fpTx9�p*�GO4
>&dC��k`V{ϙr-�#2O,�UE,%�|[Nw4�ɱF.yC�sab1S[82bՇ�<0�;��VWW/ӡ̩���RL��E�Vx���w�K-{�x3�#i�`w�uZ�{PtltAe v"щwl�F3q�>aAtN[a�#,|HTPuHO-N��-�N�k&|ۃc� S�چq��TKK��ByH-`�twkd9HR�=�I�*4uMf�βْ�4���{n%0)%� %JMBl�PzoUB*8���v``�a'ǯ�a2��Wbz`s9c\i|k�OzLTOP[K�|�iKZAߍ��Kod7-YmˊL3t#-[F�)ʢS#K-t|6(H"M�;$
oPmrb/�yJ>?��T>ws��Vj(t��I�c_P
&)F ���,ڍL[u�U|ٱs�Ә2L1�,d�Z�ӧ�-[@#
e`�0vaehe�]U�u U|�l>cx w�ߑ�C2z�dz$_Oxƪ~Saxr=HG=��gsx���
J.Ws�S7`
�=͛g5�c^n�`eRb0��yMv�:?�[� |[�`"ֶRC|R:NUpv�Rvc���d\F\)j)O2�Q�!*-^�x[9�NAxeѵhO`by�ݍ2ZWtmk�]+lY�rvJ^�Qt�7tlmb�@�J\�� �7#�Tte�
�` GY�u`+r�8ǩ6<]܈x1ؽfb@Z^��3LN
'*Vh.ϓ�U��0�]\}!l6�n_����oM4ZRˉw�N*@tƢ�I26pzr+T[�v[W쭽s6%c(\ɜK�RSk$5WViQm*'
Cf{H{qJs6BJF:6yes&�1��c����
|
Network Security & Hardware 
