×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Obama's Twitter Account "Hacked"

CmdrTaco posted about 4 years ago | from the well-not-exactly dept.

Security 308

Oxford_Comma_Lover writes "A 24-year-old living with his mother in France was arrested for 'hacking' into Obama's twitter accounts. (Warning: WSJ does obnoxious paywall things. Your miles may vary.) Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people; he has no computer science training or financial motive. He posted screenshots to a few boards and twitter found out within a few hours, either from a tip or from noticing when someone from France logs onto twitter as the President of the United States. (He did not actually tweet as POTUS, but just wanted to show he could break into the account.)"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

308 comments

He shouldn't be arrested (5, Insightful)

Monkeedude1212 (1560403) | about 4 years ago | (#31613750)

Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people

If thats all it takes then the system is broken, not the people abusing it.

Re:He shouldn't be arrested (4, Insightful)

magsol (1406749) | about 4 years ago | (#31613776)

Or the users need to cease using common knowledge as the answers to these not-so-security questions.

Re:He shouldn't be arrested (4, Insightful)

Monkeedude1212 (1560403) | about 4 years ago | (#31613834)

The "Security question" system in itself is the weak point in most security situations.

Mother's Maiden name?

Pet's first name?

Favourite Band?

How long do you think it would take to brute force any of those with a simple script? There's no point in making sure your passwords Really strong if your security question can be as weak as a noodle.

Re:He shouldn't be arrested (2, Insightful)

magsol (1406749) | about 4 years ago | (#31613910)

I agree, it's a double-edged sword. The system lends itself to simple questions with answers that are easily guessed, and simultaneously users make themselves very predictable. I should have started my previous comment with "And" instead of "Or".

Re:He shouldn't be arrested (1)

magsol (1406749) | about 4 years ago | (#31613942)

Crap, I didn't mean "two-edged sword", I meant "insult to injury". I'm confusing my fighting metaphors here.

Re:He shouldn't be arrested (3, Funny)

Anonymous Coward | about 4 years ago | (#31614298)

In front of me, asleep, is a nasty dragon who needs a good beheading. As I raise my broadsword to deal the death blow, the back edge of the blade slices into the arm of my pal Eddie, who squeals, and the dragon wakes & flies away. This really pisses me off, so I put some salt on the wound to make him keep squealing, then I tell him how fat & easy his mom is. Fucking Eddie. I guess I should have used the katana.

Re:He shouldn't be arrested (1, Funny)

Anonymous Coward | about 4 years ago | (#31614388)

Doc: You know what they say: People in glass houses sink sh-sh-ships.
Rocco: Doc, I gotta buy you, like, a proverb book or something. This mix'n'match shit's gotta go.
Doc: What?
Connor: A penny saved is worth two in the bush, isn't it?
Murphy: And don't cross the road if you can't get out of the kitchen.

--

Doc: Why don't you make like a tree, and get the fuck outta here?

Re:He shouldn't be arrested (3, Interesting)

0100010001010011 (652467) | about 4 years ago | (#31614068)

Who says the answer has to be 'right'?

For example every website that wants "Mother's Maiden Name" gets a sha1(md5($maidenname)). Technically accurate but no one is going to 'guess' it.

Same goes for all other questions. It doesn't even have to be as complex as a hash. Just do a simple reverse or Rot13.

Last name: Smith.
Reversed: htimS.
Rot 13: ugvzF.

Now the last name is technically accurate, even if it is permuted.

Re:He shouldn't be arrested (1)

clone53421 (1310749) | about 4 years ago | (#31614122)

Yes, which is why my “security” questions all have correct answers that look like gibberish.

But most people just put the answers.

too obvious.. (1)

TiggertheMad (556308) | about 4 years ago | (#31614206)

Why even include anything that relates to your mothers name? Why even give attackers that much? Just provide a 30 character string of random characters. It's not like anyone actually checks that your mom isn't named 'DFER%$^YBNSwerwer4r67786^##$%#%GFH'...

Re:too obvious.. (1)

commodore64_love (1445365) | about 4 years ago | (#31614500)

And what happens when you forget your password, or the system randomly decides to ask for your mother's maiden name. You have no idea what those random characters are.

BTW for what's it's worth, I use my GRANDmother's maiden name in the "mother's name" question. If I was president someone might know that bit of trivia, but for me? Nobody knows. My grandmother hasn't been a maiden since 1910, and since the town records burned to the ground, it would be very difficult to find.

 

Re:too obvious.. (2, Interesting)

Yetihehe (971185) | about 4 years ago | (#31614530)

If I forgot my password, there is very high possibility that I also forgot this complicated answer. Happened to me once.

Re:He shouldn't be arrested (1)

Maximum Prophet (716608) | about 4 years ago | (#31614432)

Who says the answer has to be 'right'?

Your memory.

If you can remember all that, you can remember your password.

On the other hand, if you use the same obfuscation on multiple web sites, then you are protected from the general population, but not from someone who can get ahold of your secret answers from several sites. Rot13 isn't too hard to figure out. Then they can log into all the sites that you've protected this way.

Secret Question/Answer is not a good way to secure a system.

The details of the case confirm your point (0)

Anonymous Coward | about 4 years ago | (#31614228)

The details of the case are all over the French press.

The kid guessed the password from the 2 twitter questions:

Non-American place of birth?
Everywhere

Nuclear launch code?
12345

Apparently they've know about the breach for months, but were waiting for the strategic command to change the password on all those missiles.

This kid has no idea of the damage he has done.

Re:He shouldn't be arrested (0)

Anonymous Coward | about 4 years ago | (#31614478)

Mother's Maiden name?

H9SIpOcytnCJ`7Xlzm$4

Pet's first name?

3H0arAKWHWCMnumsF4Ki

Favourite Band?

Z,XphoLGcW2qmyHOg8th

Naturally, these facts about myself require me to actually remember the password itself, but that is just fine IMO.

Re:He shouldn't be arrested (2, Insightful)

KarlIsNotMyName (1529477) | about 4 years ago | (#31614004)

Flamebait?

Personally I hate security questions. The suggestions are always obvious things where most you need to know is the person that owns the account.

The only safe thing is to not put an actual answer as the answer.

Re:He shouldn't be arrested (2, Insightful)

rolfwind (528248) | about 4 years ago | (#31614152)

Or the users need to cease using common knowledge as the answers to these not-so-security questions.

Well, when the system forces it upon you, you sometimes have no choice.

To me, it's the equivalent of needing 2 passwords instead of one, and I never fill out my security questions with anything but random data. It's truly a PoS security wise. I even hate it more when you can't type up your own question.

I wonder if facebook has "Your highschool?" or something equally stupid as a security question, when you're there to catch up with old friends in the first place.

Re:He shouldn't be arrested (4, Insightful)

girlintraining (1395911) | about 4 years ago | (#31613832)

If thats all it takes then the system is broken, not the people abusing it.

Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me. Jeez, I mean, what do you expect a criminal to do? Hey, btw -- what kind of slashdot poster are you, I didn't find any ramen to eat while you were out running errands either. I really wanted to have a snack after cleaning the place out. Ungrateful jerk...

Re:He shouldn't be arrested (2, Insightful)

Monkeedude1212 (1560403) | about 4 years ago | (#31613978)

Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

However, not using a security question, or using one that is as difficult to guess (Symbols, upper lower case, etc) - is like locking the doors. It will deter most criminals.

If someone SERIOUSLY wanted to hack into Obama's Twitter and cause a ruckus, they would, and I would sympathize for the Prez. But when some dude in France is pulling it off to show off his "leet skills", when all he's doing is guessing, yeah - I think I know who to really blame.

Next thing I know I'm going to read the NSA is still using WEP/TKA!

Re:He shouldn't be arrested (5, Insightful)

girlintraining (1395911) | about 4 years ago | (#31614306)

Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

You know, bathroom locks in most homes and apartments can be opened with a straightened paper clip. There's a reason for this: You can't accidentally open the door, but if there's an emergency (say someone has a fall, or locks themselves in to overdose on pills) the door can be easily opened.

Pointing out the flaws of the security system don't relieve the person overriding it of their ethical responsibilities to their fellow human beings. Most security exists merely to satisfy the restraint that breaking it isn't accidental, because strong security can impede a variety of legitimate activities. As one example, my cousin lives with roommates who steal her pills, so she had a lock placed on her bedroom door. However, she needed me to get into the room while she was away to get some paperwork. So I fashioned a simple lock pick and gained entry (with the owner's permission). The average person would be unable to do this, but as a security expert, I can. However, I did not do so without permission, because that would be a violation of privacy, however trivial it was for me to actually open the door (about 5 seconds).

Re:He shouldn't be arrested (2, Insightful)

MBGMorden (803437) | about 4 years ago | (#31614330)

Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.

Not being surprised isn't what you said. You said the guy shouldn't be arrested. Effectively, the parallel is that if someone DID leave their door unlocked, and someone came in and stole their stuff, then that person shouldn't be arrested either.

No matter how weak your security is, if someone trespasses, steals, or otherwise breaks into a computer or a house, then they need to be punished. Claiming that the security was so weak that it wasn't much trouble for you simply isn't an adequate defense.

Re:He shouldn't be arrested (2, Insightful)

clone53421 (1310749) | about 4 years ago | (#31614504)

He didn’t “steal stuff”, he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.

Re:He shouldn't be arrested (2, Insightful)

NotBornYesterday (1093817) | about 4 years ago | (#31614390)

What is surprising is that out of the 6+ billion people on earth, only this guy seems to have had the motivation (if, indeed, you can calla 24-year old living with his mother "motivated") and imagination to do this. You would think that someone would have done this already either for shits-n-giggles, or possibly more sinister purposes.

Re:He shouldn't be arrested (1)

Sir_Lewk (967686) | about 4 years ago | (#31613980)

Although blaming the victim is never politically correct, realistically they generally do share some of the blame. If I leave my bike sitting on the sidewalk of any major city and fail to lock it to anything, do you really think it's not my fault at all when it gets stolen?

Re:He shouldn't be arrested (1)

HateBreeder (656491) | about 4 years ago | (#31614138)

Ideally, It wouldn't be your fault at all.

Realistically, you should know better.

So it really depends on your POV... are you an insurance company trying to avoid paying a claim? or are you an Idealist trying to get justice?

Re:He shouldn't be arrested (1)

girlintraining (1395911) | about 4 years ago | (#31614354)

or are you an Idealist trying to get justice?

Idealism is the virtue of the rich. The poor do what is necessary to survive. Your stolen bike may have fed someone for a week. Doesn't make it right, nor does it devalue aspiring to an idealistic society where locks are not necessary -- but realistically, so long as poverty exists, so will crime. And even if poverty didn't exist, there would still be thrill-seekers. So yes, it's impractical to be an idealist -- but we should still strive when possible to reach for idealism.

Re:He shouldn't be arrested (0)

Anonymous Coward | about 4 years ago | (#31614072)

It's less like "not installing triple deadbolts" than it is a case of leaving the key under your front doormat where anyone with a modicum of resourcefulness and motivation can find it.

What do you think your insurance company would say if you got robbed, and you had been so stupid as to leave the key under your doormat?

Yes, of course: "Oh, poor victim. Not your fault. Let us write you out a check."

Re:He shouldn't be arrested (1)

gambino21 (809810) | about 4 years ago | (#31614088)

What victim? It says he didn't even make any posts. This seems more like opening the unlocked front door of your house, saying "yep it's open" and then leaving without taking anything.

Re:He shouldn't be arrested (2, Insightful)

girlintraining (1395911) | about 4 years ago | (#31614404)

What victim? It says he didn't even make any posts. This seems more like opening the unlocked front door of your house, saying "yep it's open" and then leaving without taking anything.

That's still tresspass in the real world. It's reasonable to expect that the residence was occupied and the owner could have been located prior to gaining entry, same as having 'no tresspassing' signs posted. There may be no security present to stop you, but that's not a valid argument for entering the premises.

Re:He shouldn't be arrested (1)

Dishevel (1105119) | about 4 years ago | (#31614238)

Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me. Jeez, I mean, what do you expect a criminal to do? Hey, btw -- what kind of slashdot poster are you, I didn't find any ramen to eat while you were out running errands either. I really wanted to have a snack after cleaning the place out. Ungrateful jerk...

it is not like "Blaming the Victim" means you do not blame the perp. Just because the criminal is wrong dose not mean that you have to ignore the stupidity of the victim if it exists. I really have a problem with people who just post crap with no thought put in whatsoever.

Re:He shouldn't be arrested (1)

G2GAlone (1600001) | about 4 years ago | (#31614308)

If you saw a quarter on the ground would you refuse to pick it up because it belonged to someone at one point? It's just laying there on the ground. The person that lost it probably doesn't even care, right? Where do you draw the line on morality and circumstances? I know it's a far stretch but even though the blame is obviously on the hacker, don't you think the POTUS should be a bit more careful? Especially in this day and age. I would be tempted to give him a firm slap in the face if I knew he had ever considered using "password" for an account password, or his mother's maiden name for a security question. *looks over shoulder for secret service*.

Re:He shouldn't be arrested (1)

Sleepy (4551) | about 4 years ago | (#31614332)

WHAT lock?

I walked by your door, and it turns out you hung a PHOTOGRAPH of a lock and there was no security.
That's like leaving a shoebox of money on the sidewalk with a note "please do not take or open".

Your metaphor alleges direct physical access and brute force. Think before you post.

Re:He shouldn't be arrested (0)

Anonymous Coward | about 4 years ago | (#31614392)

"Victim"? Well, to make your analogy better, it's more like you found the house with a simple password lock system, you tried guessing the answer and the door unlocked. Then you opened the door just for kicks, and subsequently closed it. Big whoop. If anything the "victim" should be grateful that you pointed out the security weakness before someone who really wanted to steal stuff figured it out.

Re:He shouldn't be arrested (1)

Ed Peepers (1051144) | about 4 years ago | (#31613852)

I sympathize with this guy in that they'll probably throw the book at him, but should burglary be allowed simply because locks are easy to pick?

Re:He shouldn't be arrested (1)

Kelbear (870538) | about 4 years ago | (#31614410)

The Law is there is preserve order, it only dispenses justice on occasion coincidentally.

That's why there is a human component involved, judgement is required to evaluate the situation in comparison to the abstract scenario around which the Law was crafted. Then they can see how the Law should be applied in this specific situation.

If the man broke in, and did no harm, in fact, doing nothing other than highlighting the flaws in security, then he has provided a service with no detriment. A reasonable human perspective can see that the "hacker" doesn't deserve severe punishment. Should another hacker break-in and try to do damage (and even fail to do damage), it would be reasonable to say that this hacker /should/ be punished even though the end result of both hackers' attempts are the same.

Re:He shouldn't be arrested (2, Interesting)

drachenstern (160456) | about 4 years ago | (#31613856)

I just wanna know if it had the phone number to Obama's Blackberry synced and if those were in the screenshots...

Re:He shouldn't be arrested (5, Insightful)

DragonWriter (970822) | about 4 years ago | (#31613894)

If thats all it takes then the system is broken, not the people abusing it.

Its pretty trivial to break into most homes, cars, etc., but when people actually do it, we consider their actions to be the problem.

I don't see why the fact that it is a computer system means that there is suddenly nothing wrong with the actions of the person deliberately breaking in.

Sure, its fairly trivial for an online service to institute better security than "guess an fairly easy question and get access", so there are grounds for saying that the system has a problem. Its another thing, though, to go further and say that it is the system and not the intruder that is the problem.

Re:He shouldn't be arrested (1)

Monkeedude1212 (1560403) | about 4 years ago | (#31614042)

Suppose your door is left unlocked, but latched. And there are about A hundred Doorknobs on your door, only one of them actually opens the door.

This is essentially what happened. Had they locked the door, IE, not made a guessable password or security answer, he wouldn't have gotten in.

Re:He shouldn't be arrested (0)

Anonymous Coward | about 4 years ago | (#31614244)

Its another thing, though, to go further and say that it is the system and not the intruder that is the problem.

There was a friend of mine many years ago who was trying to write an aimbot for one of the earlier Quake games. During the discussion that followed:

Him: "Well, it's not MY fault that they give us an easy hitScan method to use with bots! :-)"
Me: "No, but YOU'RE the one being a dick for using it, and that IS your fault."

Same basic idea, phrased differently.

Re:He shouldn't be arrested (1, Funny)

Anonymous Coward | about 4 years ago | (#31613998)

He should be arrested and forced to use Windows for the rest of his life, that will serve him right! Never again will he feel the awesome power of Open Source Software, which is inherently superior to Closed Source Proprietary software.

Re:He shouldn't be arrested (2, Insightful)

cosm (1072588) | about 4 years ago | (#31614028)

If I take my keys and guess a random house to try them on, and get in, it isn't the locksmith's, homeowner's, nor key's fault I trespassed. I conscientiously decided to take the action. It is true that simple attack vectors make things prone to exploit, but the responsibility for the intrusion lies on the individual knowingly exploiting that vector.

Saying it could have been prevented by a better "system" and then redirecting the blame is like blaming my broken leg on the car manufacturer for not installing a reinforced titanium in the event I choose to plow into a tree.

it is simple morality (3, Insightful)

circletimessquare (444983) | about 4 years ago | (#31614212)

that if you transgress against someone else, you are the problem

for example: if a bag of cash is sitting wide open and unguarded just inside an open door, you have absolutely 0% right to take it, and you are 100% to blame for the theft: YOU took it, no one told you to. your own poor decision making is the key

no matter how horrible or nonexistent someone's defenses, when you transgress against them, you are a criminal, you are 100% culpable, you have no excuse, you should be punished, and your morality sucks. plain and simple

sure, people SHOULD have good defenses. mainly because of all the immoral assholes out there. but even that you knew there were a lot of immoral assholes out there and their behavior is pretty predictable, none of that excuses the actual immoral assholes and their behavior. but another way: stupid is bad, but evil is always worse

so you need good defenses, but when you are transgressed against, the question of the quality of your defenses is completely besides the point: the immoral asshole needs to be punished

Wrong (1)

aepervius (535155) | about 4 years ago | (#31614408)

If my lock at my door is poor, I may have problem getting money back from the insurance, but for the law, you entering my home it by using a replacement key wills till be considered "breaking and infringing upon my property". It isn't different here.

The password (5, Funny)

Anonymous Coward | about 4 years ago | (#31613760)

I heard was "Let them eat cake"

What? (1)

Vinegar Joe (998110) | about 4 years ago | (#31613784)

They have basements in France?

Re:What? (2, Funny)

Anonymous Coward | about 4 years ago | (#31613900)

They have basements in France?

In France they call them Royale With Cheetos.

Laugh It Off (2, Insightful)

Anonymous Coward | about 4 years ago | (#31613810)

They laughed it off when Palin was hacked...Will they laugh now for the POTUS?

Re:Laugh It Off (2, Insightful)

Anonymous Coward | about 4 years ago | (#31614166)

That would be in keeping with their two faced sense of outrage.

Re:Laugh It Off (1)

natehoy (1608657) | about 4 years ago | (#31614280)

They did?

His trial starts April 20.

http://www.myfoxmemphis.com/dpp/news/local/032410-apx-david-kernell-in-court-in-palin-hacking-case [myfoxmemphis.com]

Obviously you and I have very different definitions of the term "laughing it off". Last I checked, it doesn't include arresting someone, having them post bail, and charging them with multiple felonies that carry jail sentences. I'd hate to see what your definition is for actually being held responsible for something.

Having said that, they should let David go, and they should also let this French kid go. If you're stupid enough to use easily-accessible public information for your security question, you pretty much deserve what you get. In both cases, these were private, not government, email accounts that were broken into.

He should've at least posted something. (1, Funny)

Anonymous Coward | about 4 years ago | (#31613814)

Maybe "I am the great cornholio!"

Re:He should've at least posted something. (4, Funny)

Starteck81 (917280) | about 4 years ago | (#31613884)

I was thinking "Hey guys Global Thermal Nuclear War later this afternoon... just thought you should know."

Re:He should've at least posted something. (1)

sheph (955019) | about 4 years ago | (#31614114)

Better yet, "Iran wants nukes, Russia wants us to get rid of some of ours, so we're sending them to Iran."

Re:He should've at least posted something. (5, Funny)

amliebsch (724858) | about 4 years ago | (#31614402)

No, no, no, he should have tweeted:

"My fellow Americans, I am pleased to tell you today that I have signed legislation that will outlaw France forever. We begin bombing in 5 minutes."

Sacrebleu! (0)

Anonymous Coward | about 4 years ago | (#31613822)

Well of course Marcel Marceau didn't tweet as POTUS.

And this is why we ONLY SERVE FREEDOM FRIES !! (0)

Anonymous Coward | about 4 years ago | (#31613824)

To hell with the French and their weird-ass language (damn french words).

Re:And this is why we ONLY SERVE FREEDOM FRIES !! (4, Funny)

Anonymous Coward | about 4 years ago | (#31614130)

This is France. Since you don't like our language, we'll be taking it back. Please remove the word 'language' from your post. Merci.

Good. (5, Insightful)

geekoid (135745) | about 4 years ago | (#31613854)

Having a password clearly dictates the intent of the person is not to allow other people to use it.

If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime... or at least very rude.

Re:Good. (1)

clone53421 (1310749) | about 4 years ago | (#31613898)

Having a password clearly dictates the intent of the person is not to allow other people to use it.

Perhaps so, but what is indicated by having a system whereby your password is freely given to anyone who knows your mother’s maiden name, high school mascot, and first pet’s name?

Re:Good. (1)

ShadowRangerRIT (1301549) | about 4 years ago | (#31614142)

Technically, it probably didn't give him the password, just allow him to reset it. Using the lock analogy, it's like a locksmith agreeing to make new locks and keys for anyone who greets them by opening the door of the house; they don't check the ownership records and ID, they just assume that someone who was able to get into the house and hasn't been challenged has the right to change the locks.

Re:Good. (1)

clone53421 (1310749) | about 4 years ago | (#31614276)

Actually, I’ve perused the Twitter help pages and it doesn’t seem to use secret questions at all... it looks like it sends a password reset to your e-mail address via this interface [twitter.com]. So to get into the Twitter account, you’d first have to get into the e-mail account that it was registered under... which seems to contradict the story, which said that he posed as a Twitter site administrator and got access by answering secret questions.

I’m going to need more data before I can rule on this one...

Re:Good. (1)

hanabal (717731) | about 4 years ago | (#31614300)

how about a system that give the front door key to anyone that looks under the welcome mat?

Re:Good. (1)

clone53421 (1310749) | about 4 years ago | (#31614470)

If you’ve also posted a sign saying “Forgot key? Guess where to look to find the spare”... then yeah; it’s kinda analogous to that.

Re:Good. (1)

pseudorand (603231) | about 4 years ago | (#31614248)

But no one kicked in any doors. All he did was tell people he found the key under the mat, a rather obvious place to look. Do we all really have a responsibility to keep the secrets of perfect strangers that we happen to learn? If he'd used the password, I'd say fine him or jail him, depending on how much trouble he caused or intended to cause. If he tried to sell the password, send him straight to jail. But if he simply embarrassed the whitehouse, thereby encouraging them to better secure their means of communication, then someone send that guy a metal for being a true patriot! And he's not even an American. Now don't we all feel bad about the whole freedom-fries thing.

Re:Good. (1)

girlintraining (1395911) | about 4 years ago | (#31614488)

Having a password clearly dictates the intent of the person is not to allow other people to use it.

Not entirely accurate: Having a password is like a key. Anyone can possess it, but it's use is still governed by the permission of the owner. One password can be used by multiple people, or not.

If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime... or at least very rude.

Again, not entirely accurate: The presence or absence of an access-control mechanism provides no information on its intended use. The door could be locked because it's a bathroom that connects two bedrooms, and the person on the other side left through the other door and forgot to unlock it. There's the implication that a locked door means no entry, but it's not always or necessarily true.

Who cares (2, Informative)

snowwrestler (896305) | about 4 years ago | (#31613902)

What important data is stored within that Twitter account? What crucial lines of communication flow through it?

Re:Who cares (1)

GodfatherofSoul (174979) | about 4 years ago | (#31613992)

Being able to attribute comments to another person is power. Especially if that person's career is reliant on public perception such as it is for politicians, musicians, and actors.

log of 'hacked' password recovery session: (5, Funny)

circletimessquare (444983) | about 4 years ago | (#31613928)

q: "what city were you born in?"
a:"honolulu"
incorrect
a:"oahu"
incorrect
a:"kandahar"
correct

q: "what is your political affiliation?"
a:"democrat"
incorrect
a:"centrist"
incorrect
a:"fascist"
correct

q:"what is your favorite catchphrase?"
a:"yes we can"
incorrect
a:"change we can believe in"
incorrect
a:"from each according to his abilities, to each according to his needs"
correct

(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some tea party morons out there might actually take my joke seriously)

Re:log of 'hacked' password recovery session: (2, Insightful)

bsDaemon (87307) | about 4 years ago | (#31614054)

Wow... always knew that he was a fascist communist from central Asia. Everything is coming together now! (i hate teabaggers)

Really amazing (0)

Anonymous Coward | about 4 years ago | (#31614518)

the only hate I see is from you and the poster you replied too, who are evidently predisposed to a certain belief.

I am not sure what is worse, that you think this way or that you both got rated insightful. I am really beginning to belief the most bile spewing people are on the left. Hate is what you make of it. I guess you can justify it by presenting yourself somehow as superior

Re:log of 'hacked' password recovery session: (-1, Troll)

Beelzebud (1361137) | about 4 years ago | (#31614132)

Keep it coming! You dumb ass teabaggers are marginalizing the Republican party more and more each day.

notice the last sentence in my comment (1)

circletimessquare (444983) | about 4 years ago | (#31614288)

(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some tea party morons out there might actually take my joke seriously)

thanks to your comment, a revision is in order:

(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some t^He^Ha^H p^Ha^Hr^Ht^Hy^H morons who comment without reading out there might actually take my joke seriously)

Re:notice the last sentence in my comment (0)

Anonymous Coward | about 4 years ago | (#31614510)

I'm a "tea party moron." Looking at the replies, it seems you underestimate and overestimate the wrong people. Maybe it's time to rethink a few things.

Re:log of 'hacked' password recovery session: (1)

clarkkent09 (1104833) | about 4 years ago | (#31614536)

Congratulations, it's not easy to several different proofs that you are a moron in just two short sentences.

Re:log of 'hacked' password recovery session: (1)

SnarfQuest (469614) | about 4 years ago | (#31614322)

q: what is your favorite sport
a: football
incorrect
a baseball
incorrect
a: teleprompter tennis.
correct

No excuses will save him. (0)

tlongshore (1775768) | about 4 years ago | (#31614014)

Identifying weak links in the system is irrelevent as an excuse. That is what the secret service is for. This is one twitter account you should not mess with. Common sense did not prevail here. If he does get prosecuted I will not feel sorry for him. Law of Darwin should take effect. He was not smart enough to make it in society. I mean how stupid/arrogant do you have to be to mess with the POTUS? And the besides what the OP/TFA says, This should not be considered hacking. Unless you want to equate me hyjacking your car by finding the keys hidden in the glovebox.

A Slap On the Wrists (0)

Normal Dan (1053064) | about 4 years ago | (#31614060)

is all he should get. Perhaps he should be rewarded, he was given the twitter account of the POTUS and he didn't even do anything with it. Now yes, the law says blah blah blah, however, this guy was just curious. He wanted to challenge himself. This country needs more people who are interested in more than American Idol and repeating the mantra "yes we can." blah blah blah, blah blah. Curiosity is what science is all about, it's how progress is made, etc.

Not "hacking" (3, Insightful)

bsDaemon (87307) | about 4 years ago | (#31614126)

I don't even see how this can be dignified as "hacking" -- it's not even "script kiddy" in its complexity. If this weren't the President then I doubt it would even be news at all. But is the account even actually Obama's in the sense of, he actually takes the time to post on it himself? Doesn't he have a country to run or something?

Re:Not "hacking" (1)

Sleepy (4551) | about 4 years ago | (#31614406)

Exactly.

There's a lesson to be learned here... for Facebook and for the controller of the Obama twitter account.

The lesson LOST is all the clueless posters saying "this is like breaking down a bank vault door" and other nonsense which demonstrates a lack of understanding of "virtual". These are the same people who equate borrowing a friend's CD with armed robbery of a the artist's bank. It's no use correcting these people when they're knowingly being obtuse as a "talking point".

Re:Not "hacking" (0)

Anonymous Coward | about 4 years ago | (#31614494)

It seems "hacking" these days refers to gaining unauthorized *electronic* access.

really? (0)

Anonymous Coward | about 4 years ago | (#31614158)

A 24-year-old living with his mother...

I take offense to that!

"Hacked" is way too much. (1)

ThePangolino (1756190) | about 4 years ago | (#31614170)

Way too much! Let me also suppose the poor guy will get sued and maybe jailed for what he did. The thing I wonder is what will happen if my Twitter account was """"""hacked"""""" like this? Will it deserve a story in Slashdot?

My secret question... (0)

Anonymous Coward | about 4 years ago | (#31614174)

Is what is my favorite sports team...

That I'm posting on Slashdot should tell you how legit my answer is.

Password recovery methods are stupid (2, Insightful)

Anonymous Coward | about 4 years ago | (#31614204)

This is why I type a huge string of random gibberish into those stupid "Password Recovery" sections that ask me questions that any person that does any amount of research into my life can figure out.

Those things are stupid and the fact that so many sites still use them is completely stupid.

How? (2, Interesting)

iprefermuffins (1460233) | about 4 years ago | (#31614236)

I'm a little confused how this guy's "hack" worked as described. I just checked Twitter and it doesn't have password recovery questions. And the "forgot password" form offers to send a password reset link to the email address associated with the account, so it's not going to be a way in unless you have access to the email too.

twitter diplomacy (0)

Anonymous Coward | about 4 years ago | (#31614350)

POTUS: cher @Canada, nous avons assez de vos dérision les bombardiers voler à midi.

Question based security (1)

wisnoskij (1206448) | about 4 years ago | (#31614366)

Everyone already knows that question based security is not safe.

The news here is that the POTUS is not following basic security measures to keeps his accounts safe.
Which he really should be.

Re:Question based security (1)

istartedi (132515) | about 4 years ago | (#31614508)

POTUS didn't make the policy. It's a Twitter account, so I assume this is what they do when you forget your PW.

Now, even if somebody got total control of the POTUS Twitter account and started posting all kinds of outrageous crap, we'd figure that out pretty quickly and lay the blame where it belongs--Twitter.

Should they have better security? Maybe. It's not the nuclear football though. One-time pads with armed guards and officers turning keys simultaneously is just a bit of overkill for a web site where you post your golf scores.

Wanker (1)

Capt.DrumkenBum (1173011) | about 4 years ago | (#31614458)

After he got access he should have used Twitter to declare war on Vatican City.
Size: 0.17 sq. mi. (0.44 sq. km)
Population: 783 (2005 census)
Location: Rome, Italy

PGP Signed Info (1)

al0ha (1262684) | about 4 years ago | (#31614514)

Unless an electronic communication is PGP signed it should never be trusted so use of Twitter by all Twits, especially POTUS, is ridiculous as it is completely insecure and unverifiable.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...