
Twitter Closes Hole After Attack Hits Up To 500K Users

CmdrTaco posted more than 3 years ago | from the hate-when-that-happens dept.

Security 135

chicksdaddy writes "Twitter closed an ugly cross site scripting hole in its Web page Tuesday morning, but not until a fast moving attack, including at least two Twitter worms, compromised hundreds of thousands of user accounts. At its height, the attacks were hitting 100 Twitter users each second, putting estimates of the total number of victims at around 500,000 according to researchers at Kaspersky Lab."

135 comments

Seriously (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33654804)

How complicated is it to write somewhat secure software that processes 140 character messages?

Here's how they did it.... (-1, Offtopic)

AnonymousClown (1788472) | more than 3 years ago | (#33654894)

FTFA:

The worms allowed attackers to infect a user's account and those of his or her followers,...

As you can see, they didn't secure trans-gender accounts - why do you think they said "his or hers"? Because the account holder is trans-gender and they weren't sure what to call him or her.

Now, folks who were followers of him and the folks who were followers of her were completely fine.

Re:Seriously (4, Funny)

MobileTatsu-NJG (946591) | more than 3 years ago | (#33655210)

How complicated is it to write somewhat secure software that processes 140 character messages?

Yeah, they should shorten it to 70 characters and make it twice as secure.

Re:Seriously (1)

spun (1352) | more than 3 years ago | (#33655272)

But there would be less entropy in 70 character messages. What they need to do is double it to 280, but require every other character to be random. Nobody could hack that!

Re:Seriously (0)

Anonymous Coward | more than 3 years ago | (#33657234)

A while back, I was in charge of our end of an integration with one of our clients. They insisted on using AES so that it would be secure. When it came time to exchange keys, they sent us a 16-character (64-bit) hex-encoded key. We pushed back since the minimum AES key size is 128 bits and our application would error out with a key that small, but they insisted that it worked on their end. After much back and forth, we figured out that they were passing the key in as ASCII bytes of the minimum key length, effectively using a 64-bit key. We tried to explain why this was bad and how they could decode the hex value (even going so far as to send them the Perl snippet of code they'd need), but they didn't understand what was going on conceptually.

The scary "the call is coming from inside the house" punchline to this story is that the client in question makes tax software that I'd bet the majority of people here use to file their taxes.

Re:Seriously (1)

fluffy99 (870997) | more than 3 years ago | (#33658562)

After much back and forth, we figured out that they were passing the key in as ASCII bytes of the minimum key length, effectively using a 64-bit key.

Technically they had a 128-bit key (16 x 8-bit ascii characters). Limiting the key selection to ascii characters 0-F just means they had an artificially small key space. This is only a help if the attacker knows what they did, in which case it would significantly speed up a brute force attack. Essentially the same issue with long passwords that are only lower case characters.
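Added example, not part of any comment in this thread: the two readings of a 16-character hex key described in the comments above, with the key length AES sees and an upper bound on the entropy in each case, plus a loader that refuses the short key. The function names and the sample key text are assumptions made for illustration.

```javascript
// Constructed sample: 16 hex characters, standing in for the key the client sent.
const SAMPLE_KEY_TEXT = "0123456789abcdef";

// AES accepts only 128-, 192- and 256-bit keys.
const AES_KEY_BYTES = [16, 24, 32];

// Strict hex decoding: two hex characters become one key byte.
function hexToBytes(hex) {
  if (!/^(?:[0-9a-fA-F]{2})+$/.test(hex)) {
    throw new Error("key is not an even-length hex string");
  }
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
  }
  return out;
}

// The mistake described in the thread: each character's ASCII code is used
// as a key byte, so the key looks twice as long as the material it carries.
function asciiToBytes(text) {
  return Uint8Array.from(text, (ch) => ch.charCodeAt(0));
}

// Upper bound on entropy in bits for `length` symbols drawn from an
// alphabet of `alphabetSize` values.
function maxEntropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}

// Compare both interpretations of the same key text.
function describeKey(keyText) {
  const decoded = hexToBytes(keyText);
  const ascii = asciiToBytes(keyText);
  return {
    hexDecoded: {
      bytes: decoded.length,
      aesAccepts: AES_KEY_BYTES.includes(decoded.length),
      entropyBits: maxEntropyBits(decoded.length, 256),
    },
    asciiBytes: {
      bytes: ascii.length,
      aesAccepts: AES_KEY_BYTES.includes(ascii.length),
      // Every byte is one of only 16 hex digits, not one of 256 values.
      entropyBits: maxEntropyBits(keyText.length, 16),
    },
  };
}

// Loader guard: decode the hex first, then enforce a real AES key length,
// so a 16-character hex string is rejected instead of silently accepted.
function loadAesKeyFromHex(hex) {
  const key = hexToBytes(hex);
  if (!AES_KEY_BYTES.includes(key.length)) {
    throw new Error(`AES key must be 16, 24 or 32 bytes, got ${key.length}`);
  }
  return key;
}
```

Both readings carry at most 64 bits of entropy; the ASCII reading only hides that behind a length AES will accept.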

Re:Seriously (1)

mlts (1038732) | more than 3 years ago | (#33655862)

How about allowing for unlimited characters, but store it in a 128-bit MD5 hash? It isn't as secure as SHA-256, but it is close enough for this work.

Re:Seriously (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#33657228)

I can't believe Twitter. Or rather, I can't believe people use Twitter. It has to be the stupidest most lame app on the planet. What am I missing? Seriously, the masses are just cattle to be led to the killing floor. I'm going to shoot an email over to GM and suggest a car that only goes 30 miles per usage for no real reason other than to differentiate itself from cars that are actually useful.

Someone please explain Twitter to me.

Re:Seriously (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#33657644)

[...and suggest a car that only goes 30 miles per usage for no real reason other than to differentiate itself from cars that are actually useful..]

This is why those craptastic Mazda 3s and VWs sell so well in the US most likely. No, they can't go 65-70 reliably, but they look stylish. Of course, the European counterparts actually have horsepower, but the American ones tend to be for people who just don't know any better.

Re:Seriously (1)

ILuvRamen (1026668) | more than 3 years ago | (#33655430)

Maybe they hired some old Adobe employees or something. I mean features > security or even features > caution is what they hang up as a poster on the wall at most places. If you make a super simple site that JUST delivers 140 character strings between users, your marketing people's heads would explode. That's just inconceivable that you'd change and upgrade your service nonstop for no reason and add features nobody wants and that don't work.

Re:Seriously (3, Funny)

mark72005 (1233572) | more than 3 years ago | (#33655744)

If they were using old Adobe employees, Twitter would start requiring you to update your system every 2 or 3 hours.

Re:Seriously (1)

NiceGeek (126629) | more than 3 years ago | (#33656124)

"and add features nobody wants" going by the demand for url shortening services, TwitPic, TwitVid, etc, etc. It's obvious there is demand for new features.

Re:Seriously (3, Insightful)

lennier (44736) | more than 3 years ago | (#33656524)

"and add features nobody wants" going by the demand for url shortening services, TwitPic, TwitVid, etc, etc. It's obvious there is demand for new features.

And presumably the top of those features would be "allow messages larger than 140 characters so that we can just post the actual URL".

With a few billion dollars and about 40 years worth of solid development, Twitter might eventually turn into some sort of simple transfer protocol for multipurpose Internet mail...

Re:Seriously (1)

moderatorrater (1095745) | more than 3 years ago | (#33655530)

Having to deal with XSS myself recently, I have to say that I'm not that shocked. It's really, really hard not to accidentally miss something while you're programming in HTML and leave yourself vulnerable. Google's had issues with it before, most open source solutions have had that vulnerability, and now Twitter has. In a lot of ways I'm more surprised that this is the first one they've had.

Re:Seriously (2, Informative)

psyclone (187154) | more than 3 years ago | (#33655764)

Uh, how hard is it NOT to escape your output?

Maybe it's difficult to sanitize all of your input, fine. So simply escape it properly on output.

It's the same thing with SQL injection mitigation: simply use prepared statements and you don't need to worry about the user's input. (Mostly)

Re:Seriously (1)

shird (566377) | more than 3 years ago | (#33657034)

It's nothing like SQL sanitation, unless you are using pre tags. But that doesn't allow embedded links or formatting.

Escaping HTML is very difficult, especially when you massage the output a bit (i.e. hash tags and http links). There is also Unicode, %20 and &amp style notation, "double escaping" etc.
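Added example, not part of any comment above and not Twitter's code: the auto-linking case raised in this sub-thread, with a renderer that wraps raw text in markup next to one that tokenizes the raw message first and escapes each piece once as it is written out. The function names, the `/search?q=` path and the sample message are assumptions made for illustration.

```javascript
// Constructed sample message: a "URL" containing a double quote, a hashtag
// and some literal markup typed by the user.
const SAMPLE_MESSAGE =
  'see http://example.test/a"onmouseover="x #news <b>hi</b>';

// Escape the characters that are significant in HTML text and in quoted
// attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Unsafe: markup is built around raw user text. A double quote inside the
// matched "URL" ends the href value, and what follows becomes a new attribute.
function renderUnsafe(message) {
  return message.replace(/https?:\/\/\S+/g, (u) => `<a href="${u}">${u}</a>`);
}

// Safer: find links and hashtags in the RAW message, then escape every piece
// exactly once at the point it is written into the output. Only http(s)
// URLs are ever linked, so no other scheme can reach an href.
function renderSafe(message) {
  const tokenRe = /(https?:\/\/\S+)|#(\w+)/g;
  const out = [];
  let last = 0;
  for (const m of message.matchAll(tokenRe)) {
    // Plain text between tokens.
    out.push(escapeHtml(message.slice(last, m.index)));
    if (m[1]) {
      // URL: attribute value and link text are both escaped.
      const u = escapeHtml(m[1]);
      out.push(`<a href="${u}" rel="nofollow">${u}</a>`);
    } else {
      // Hashtag: URL-encode for the query string, HTML-escape for the text.
      const q = encodeURIComponent("#" + m[2]);
      out.push(`<a href="/search?q=${q}">#${escapeHtml(m[2])}</a>`);
    }
    last = m.index + m[0].length;
  }
  out.push(escapeHtml(message.slice(last)));
  return out.join("");
}

// "Double escaping": running the escaper over already-escaped text corrupts
// it, which is why escaping belongs at output time only, once per value.
function escapedTwice(s) {
  return escapeHtml(escapeHtml(s));
}
```

With the sample message, `renderUnsafe` emits a tag carrying an extra `onmouseover` attribute, while `renderSafe` keeps the quote inside the `href` value as `&quot;`.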

Re:Seriously (2, Informative)

Idiomatick (976696) | more than 3 years ago | (#33658528)

http://htmlpurifier.org/ ? I mean twitter devs could Google the problem I guess.

And it isn't twitter's first security problem.

Re:Seriously (1)

Dynedain (141758) | more than 3 years ago | (#33656064)

Not very difficult, unless of course you put the command and control structure within the same information channel as the content, sans escaping or syntax. Then you have the nasty problem of any particular string of characters being content, instructions, or both.

...did I miss it? (1)

Halifax Samuels (1124719) | more than 3 years ago | (#33654826)

Was I too late to the party? I tried the exploit out about 7 hours ago (with the malicious code removed) and it never worked for me. I then went to accounts that were reported infected and couldn't get any results. Was I lucky or just unintentionally more secure somehow?

Re:...did I miss it? (1)

Celexi (1753652) | more than 3 years ago | (#33654864)

I think it was already fixed by that time.

Re:...did I miss it? (1)

stepdown (1352479) | more than 3 years ago | (#33654964)

Their post confirming it was fixed came out about that time

http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched

Re:...did I miss it? (0)

Anonymous Coward | more than 3 years ago | (#33656570)

You speak of Twitter as if it had the unquestionable authority of Netcraft.

Nothing of Value Was Lost (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33654830)

Nothing of Value Was Lost

But something was gained! (4, Funny)

spun (1352) | more than 3 years ago | (#33655294)

Anything that gets Twitter to shut its damn hole is a good thing IMHO.

Re:But something was gained! (0)

Anonymous Coward | more than 3 years ago | (#33656156)

I just ate toast!

Interesting, yet pointless (5, Interesting)

pablo_max (626328) | more than 3 years ago | (#33654888)

Really, I know a lot of people seem to be using twitter, but I just don't get it. Am I too old? Hell, I don't actually know anyone using it. At least I don't think I do.
Why are people so interested to read an internet based text message? Is it really better than reading a well thought out and reasoned article about something?

More and more I see on all these tech news sites and blogs that they heard from so and so's tweet that such and such will be released with this and this. Then, all the other news sites link to the first blog who is using twitter as a source of information.
Since when is a text message a reliable source of information?

Re:Interesting, yet pointless (4, Insightful)

stepdown (1352479) | more than 3 years ago | (#33654942)

I treat it more as an RSS feed. A lot of people use it to link to full articles, and as a means of just sharing links to information it's great.

Re:Interesting, yet pointless (3, Insightful)

metamatic (202216) | more than 3 years ago | (#33655332)

Actually, no, as a means of just sharing links to information it sucks, because you generally can't fit URLs and useful description into 140 characters--so you either have to skip describing the thing you're linking to, or you have to obfuscate the URL through a redirection service.

Facebook, delicious.com, Tumblr etc are much better ways of sharing links to information.

Re:Interesting, yet pointless (1)

mark72005 (1233572) | more than 3 years ago | (#33655758)

I use it to aggregate a lot of information from feeds of my choosing into one place. RSS does this as well, but the same content is not available and it's not as bite sized and scannable to me.

Plus it allows me to interact, which RSS does not.

Re:Interesting, yet pointless (1)

vlm (69642) | more than 3 years ago | (#33655774)

or you have to obfuscate the URL through a redirection service.

I refuse to click on those, too easy to be goatse'd or rickrolled

Re:Interesting, yet pointless (2, Insightful)

dotgain (630123) | more than 3 years ago | (#33656080)

Never happened to me once. Probably got something to do with not following idiots who post such links.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33656112)

there are browser extensions to autoexpand those.

Re:Interesting, yet pointless (1)

MrCrassic (994046) | more than 3 years ago | (#33657880)

Then just use a verification service to unmask the trimmed URL.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33656088)

I've seen people using http://tinyurl.com to condense these URLs you speak of.

Re:Interesting, yet pointless (1)

josgeluk (842109) | more than 3 years ago | (#33656220)

Actually, no, as a means of just sharing links to information it sucks, because you generally can't fit URLs and useful description into 140 characters--so you either have to skip describing the thing you're linking to, or you have to obfuscate the URL through a redirection service.

Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.

Re:Interesting, yet pointless (3, Informative)

lennier (44736) | more than 3 years ago | (#33656588)

Oh come on. Twitter clients like Tweetdeck automatically shorten links that you paste into them.

Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.

Tim Berners-Lee cries!

Re:Interesting, yet pointless (1)

bertoelcon (1557907) | more than 3 years ago | (#33657674)

Thereby destroying the name-referentiality of the Web, so as soon as one of those URL-shortener services goes out of business, poof, all the links in saved messages evaporate.

If they are worth it then the sites can be found another way.

Re:Interesting, yet pointless (1)

mattack2 (1165421) | more than 3 years ago | (#33656834)

Facebook, delicious.com, Tumblr etc are much better ways of sharing links to information.

I'm not completely disagreeing with you, but the fact that the messages just come to my phone, rather than having something I have to go out and seek, is convenient.

Even saying that, I *do* wish I could also/instead have the tweets of each twitter user I follow emailed to me once a day. It'd be even easier to skim that way.

In other words, advertise (0)

Anonymous Coward | more than 3 years ago | (#33655376)

In other words, advertise. OK, now I get it.

"A lot of people use it to link to full articles"

Re:Interesting, yet pointless (1)

lennier (44736) | more than 3 years ago | (#33656566)

I treat it more as an RSS feed

So why not use RSS?

Re:Interesting, yet pointless (1)

Cimexus (1355033) | more than 3 years ago | (#33657374)

Cause most things these days offer a Twitter feed but not many offer RSS. Plus Twitter is two-way.

I basically just use Twitter as a glorified aggregation service. News headlines from a variety of sites. My ISP's file mirror updates. Updates from bands I follow. Info from online games that I play. Half these organisations don't have RSS feeds, and even if they did, you can't communicate back to them, which is very handy. I even had an issue with my mobile phone provider sorted out via Twitter the other week - certainly beats sitting on hold on the phone for hours.

I don't really use it for social purposes at all ... as GP says things like Facebook are much better for that. But it's basically the RSS of the 2000s.

As an aside ... can anyone recommend a good iOS RSS reader?

Re:Interesting, yet pointless (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33654948)

Yet, you read and post Slashdot comments.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33655076)

Slashdot != Twitter

Re:Interesting, yet pointless (4, Insightful)

Abstrackt (609015) | more than 3 years ago | (#33655102)

Yet, you read and post Slashdot comments.

It's no fun complaining about something if no one sees or hears you doing it.

I have a theory that this is also why Facebook and Twitter have gained so much popularity. Half the updates I see on either are complaints about work, chores, some person who won't be named but must be publicly called out on some unspecified charge and/or the weather.

Re:Interesting, yet pointless (1)

Hatta (162192) | more than 3 years ago | (#33655890)

That explains why people post to Twitter. Why do people read it?

Re:Interesting, yet pointless (1)

bertoelcon (1557907) | more than 3 years ago | (#33657690)

That explains why people post to Twitter. Why do people read it?

People want to feel part of a group that bitches about things they bitch about?

Re:Interesting, yet pointless (1)

commodoresloat (172735) | more than 3 years ago | (#33657932)

That explains why people post to Twitter. Why do people read it?

Who says anybody reads it?

Re:Interesting, yet pointless (1)

pablo_max (626328) | more than 3 years ago | (#33655156)

Sorry..I fail to see how slashdot and twitter are anything alike. Explain please.
Are you saying that I can post a comment on someone's twitter account that everyone else can see and then some random douche can make a comment on it? I didn't think twitter was like that at all.

Re:Interesting, yet pointless (5, Informative)

Anonymous Coward | more than 3 years ago | (#33655024)

That's not the point. Microblogging isn't blogging. Look, here's some people I follow on twitter

1) Wikileaks - they announce new leaks and news articles about em
2) Bands, e.g. Oceansize tweeted "People of York, be warned we are likely to be opening the doors late. There are fucktonne of problems with this venue.". 65dos also just released a free track!
3) Comedy stuff, e.g. the chilean_miner account: "Another troubled night. Ramon was mining in his sleep again" or Jesus_M_Christ: "Mesus Christ, I got hacked? I knew it was a mistake to mouseover a link on Judas' Twitter page."
4) Friends, who talk about their daily lives (these things interest me)
5) Work colleagues, to see what conferences they're at and what they're working on
6) Stuff to do with the societies I'm in at uni, like student robotics organising get-togethers and pub trips.

Try it. Follow your favourite authors, musicians, websites and so forth. It's like a huge aggregated RSS feed with stuff that isn't normally syndicated included.

Re:Interesting, yet pointless (2, Funny)

rueger (210566) | more than 3 years ago | (#33655070)

Twitter = Facebook without all of the crap.

Well, at least shorter crap.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33655146)

The crap is in smaller pieces, so it's less likely to clog the tubes.

Re:Interesting, yet pointless (1)

pablo_max (626328) | more than 3 years ago | (#33655230)

I guess I can see your point with the items you listed. They do seem to be valid use cases.
I think perhaps the root of the problem is that I can't think of a single person whom I would want up to the minute updates on.
Still...I can imagine perhaps sporting events or maybe a huge news story while I'm at work or on my mobile and don't have a proper connection handy.

Re:Interesting, yet pointless (1)

istartedi (132515) | more than 3 years ago | (#33655712)

I can't think of a single person whom I would want up to the minute updates on

Neither can I. That's why I don't follow anybody who tweets their poops.

Re:Interesting, yet pointless (1)

PRMan (959735) | more than 3 years ago | (#33656024)

I thought it would be interesting during hockey's free agency period, but it's caused nothing but problems. There have been more false reports this offseason than in the last 20 combined.

Re:Interesting, yet pointless (1)

koiransuklaa (1502579) | more than 3 years ago | (#33656190)

I can't think of a single person whom I would want up to the minute updates on.

If this is what all your friends are doing, may I suggest the problem is with them, not the medium?

Re:Interesting, yet pointless (1)

Culture20 (968837) | more than 3 years ago | (#33655078)

Micro-blogging is not a means of logging extensive information; it's more like a party-line web-based IRC or other chat. Chat to the world, and maybe someone will be listening.

Re:Interesting, yet pointless (1)

Jedi Alec (258881) | more than 3 years ago | (#33655250)

Yup, it's pretty much IRC, except one's future employer has been provided with a better search engine to find out all the inane crap we spouted 20 years from now ;-)

Re:Interesting, yet pointless (2, Funny)

TheFlamingoKing (603674) | more than 3 years ago | (#33655478)

Behold, the Twitter dualism:

1. All tweets are mindless drivel about what someone ate, the weather, and other trivialities.
2. Your potential employer will mine this deeply personal information and use it against you.

Re:Interesting, yet pointless (5, Insightful)

Anonymous Coward | more than 3 years ago | (#33655160)

No, I don't use Twitter. Yes, I see the point of using Twitter. No, I don't go around telling people how great life is without Twitter.

I'm sure that there are thousands of fantastic services out there, both on the internet and IRL, for which I have no use, and loads of great services for which I can't even envisage a practical use.

Another thing; your own viewpoints aren't the only ones and likely to be incorrect or incomplete when thoroughly scrutinized. Deal with it.

Re:Interesting, yet pointless (1)

marcello_dl (667940) | more than 3 years ago | (#33655174)

Not pointless as technology, even if mostly filled with useless stuff.

Twitter replaces a bit of email and a bit of irc in a web2.0 fashion. Which is: take internet protocols that mostly worked, enhance their functionality (when possible) and put them in a centralized webapp (the "cloud" has to do with the internals of the app's server infrastructure, so "centralized" is the right term). With all pluses and minuses of a monoculture.

The web2.1 seems to be: instead of webapps sell apps for smartphones instead, get the user to pay for the download and gather lots of info.

This trend suggests that web 3.0 will be known as "the big brother".

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33656592)

Twitter is pants and it jumped the shark.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33655196)

It's reliable when it comes from the horse's mouth. The trick is to follow the right horses.

Re:Interesting, yet pointless (3, Funny)

ColdWetDog (752185) | more than 3 years ago | (#33655214)

Hi Gramps! Shuffleboard on the main patio in 15 minutes. See you there.

Face the facts. Email is for us old people. Twitter is for, well, twits. But that's OK, the nurses are kinda cute and I like not having to get up early in the morning.

Re:Interesting, yet pointless (2, Insightful)

MobileTatsu-NJG (946591) | more than 3 years ago | (#33655262)

Is it really better than reading a well thought out and reasoned article about something?

I like how you ask this on a site that routinely uses the term "RTFA".

Re:Interesting, yet pointless (2, Insightful)

Pecisk (688001) | more than 3 years ago | (#33655290)

While Twitter is not a Jack Of All Trades, as Facebook claims to be for example, it is a very useful tool for information freaks. It really is useful IF used properly - or a complete waste of time if not. I use it to get info about a lot of interesting things which I would miss otherwise. No, I don't use it for 'OMG Radiohead rulles'. I also use it for spreading information which can be interesting for others too.

In fact Twitter IS micro blogging, so in a nutshell, it has mostly the same strengths and weaknesses as normal blogging. However, it is much easier to just write a small message than compose an entire blog entry. So you can state a fact about traffic on the road. Or a result in a sports game. Or anything that happens, when you are witnessing it and want to spread the message quickly. It feels and works like an SMS network.

So, again, it really depends on how you use this tool. Some companies use it to get fast and quick communication with clients when needed. They follow filters and tags and react if there is a problem.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33655296)

It's the latest excuse to goof off at work. Works because management thinks their tweets are important enough that they don't blacklist the site. Posting anonymous because our VP thinks we all need to read random thoughts that flit through his mind...

Re:Interesting, yet pointless (4, Interesting)

kaiser423 (828989) | more than 3 years ago | (#33655308)

Instead of having our captain for the team manage an ungodly email list for game times, updates, notifications, etc, he just has a twitter feed.

That way, it's hey you're new to the team, subscribe to @MySoccerTeamName and get all the info on when/where our games are, planning for team BBQ's, etc.

Because someone always changes an email, or someone gets all spam-infected and spews to the whole list or whatever and you have bounces, etc.

A twitter feed is just dead simple. It's also nice for quick updates; I couldn't make the game, but the captain tweeted a 5-2 win immediately after, so I got to see it.

It's incredibly nice; no need to visit a webpage or check your email or whatever, it's in a little app that everyone has on their phone or computer or whatever.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33656192)

Because someone always changes an email, or someone gets all spam-infected and spews to the whole list or whatever and you have bounces, etc.

A twitter feed is just dead simple. It's also nice for quick updates; I couldn't make the game, but the captain tweeted a 5-2 win immediately after, so I got to see it.

It's incredibly nice; no need to visit a webpage or check your email or whatever, it's in a little app that everyone has on their phone or computer or whatever.

So I reckon you never heard of RSS/Atom feeds, have you?

Re:Interesting, yet pointless (2, Insightful)

lennier (44736) | more than 3 years ago | (#33656672)

Because someone always changes an email, or someone gets all spam-infected and spews to the whole list or whatever and you have bounces, etc.
A twitter feed is just dead simple. It's also nice for quick updates; I couldn't make the game, but the captain tweeted a 5-2 win immediately after, so I got to see it.
It's incredibly nice; no need to visit a webpage or check your email or whatever, it's in a little app that everyone has on their phone or computer or whatever.

All these things are sensible, but I have two major questions:
1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?
2. Why does it have to be limited to 140 characters? People who want publish/subscribe also want to send arbitrary files to all their friends, not just tiny snippets which can't even store a Web-standard URL. Since most people on mobile devices now use data services, there seems to be no reason to hamstring serious computer users just to keep up compatibility with a broken historical text-messaging limit.

Pub/sub and microblogging are two orthogonal technologies. Rather, channel-oriented pub/sub is a distribution model (solving the nightmare of managing mailing lists), and microblogging is an application. We should not tie the pub/sub distribution model myopically to the microblogging application. Twitter (and Facebook) both seem to be very obviously The Right Thing To Do but equally obviously The Wrong Way To Do It. So when does the Right Thing appear?

Have we so soon forgotten that what made the Web work was open distributed free-to-implement standards?

Re:Interesting, yet pointless (1)

phorm (591458) | more than 3 years ago | (#33657162)

1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?

Probably because nobody has made one, or at least not one that was as easily adoptable.

2. Why does it have to be limited to 140 characters? People who want publish/subscribe also want to send arbitrary files to all their friends, not just tiny snippets which can't even store a Web-standard URL. Since most people on mobile devices now use data services, there seems to be no reason to hamstring serious computer users just to keep up compatibility with a broken historical text-messaging limit.

It appears to be the standard limit for the size of a text-message... (http://www.140characters.com/2008/11/13/hello-world/)

Re:Interesting, yet pointless (1)

Fex303 (557896) | more than 3 years ago | (#33657542)

1. Why isn't something this widely useful (publish/subscribe messaging) a protocol - logically, an SMTP extension - rather than a proprietary web application?

Because the folks at Twitter made it, and seem to want it that way. Not ideal, but if it had been launched as a protocol it would be basically impossible to get updates and tweaks happening. There's probably a lot more to this, but basically it boils down to the fact that VC sponsored ideas are not likely to become protocols.

2. Why does it have to be limited to 140 characters?

This seems arbitrary, but it's a key part of why Twitter is good. You can't post long, boring diatribes. You have to be snappy and concise. That makes it possible to follow a bunch of people, since none of them can flood your feed with TL;DR garbage. The downside is that you can't discuss a nuanced topic or hold a decent debate on Twitter. But that's OK, because that's not what Twitter is about.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33657986)

2. Why does it have to be limited to 140 characters?

Because Twitter was designed for SMS and they decided to reserve 20 characters for @username; SMS is 160 characters because research determined that to be sufficient length for one thought.

Why not raise the limit? Maybe because they have a bunch of users (like me) who continue to use Twitter over SMS?

Re:Interesting, yet pointless (1)

slapout (93640) | more than 3 years ago | (#33655674)

"Really,I know a lot of people seem to be using twitter, but I just don't get it. Am I too old?"

I used to think the same thing until I started playing with it. It's all about who you follow. For instance, I follow Weird Al and every couple of days he posts something funny. And it's also how I found out about a Ustream Q&A that he was doing one day. Back in 2008, I was following Leo Laporte, but instead of tech posts, I was getting commentary on the US presidential elections. So I unfollowed him. It's all about finding people who post things that interest you and then following them.

Re:Interesting, yet pointless (0)

Anonymous Coward | more than 3 years ago | (#33655788)

Yes, you're too old. Or at least become too inflexible to understand and embrace new things.

Re:Interesting, yet pointless (1)

Quirkz (1206400) | more than 3 years ago | (#33655802)

I use them to announce updates for my online game. Generally those updates need to be short, or details need to be elsewhere, like on forums, for lengthy discussion. It works fantastically as a way to let people know about changes.

Technical truth is I post the update on Facebook and let it forward to Twitter. It automatically applies URL shorteners for me, making things even easier.

Re:Interesting, yet pointless (1)

lmr2020 (1454503) | more than 3 years ago | (#33656014)

I'm 55 and I use Twitter daily. It's a way of catching up quickly with my friends and family without having to visit a Facebook page (which I do not use) or texting (which I also do not use). I follow my favorite musical artists and authors, support various charities and help groups, and get links to many various articles and blogs that interest me.

Re:Interesting, yet pointless (1)

Provocateur (133110) | more than 3 years ago | (#33656692)

Do you post stuff yourself, so they get to follow you as well? (It is a serious question, especially since you mentioned that you don't text. I might start doing it as well but I can also text.)

Re:Interesting, yet pointless (1)

lmr2020 (1454503) | more than 3 years ago | (#33657278)

Yes, I also post on Twitter.

Serves you right (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#33654924)

This is what you get for utilizing a service as completely retarded as twitter and may I be the first to say "Bwahahaha!"

Just goes to show you have to be a twat to twit (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#33654936)

As the screw turns

There are no such twats here

dupe (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33654974)

This was covered in the original post this morning. Nothing new in FTA versus the comments in the other one...

Obligatory (4, Funny)

Anonymous Coward | more than 3 years ago | (#33655048)

Twitter closes hole after attack hits up to 500 000 of its users, known as twits.

Title should have been: The early bird... (3, Funny)

Starteck81 (917280) | more than 3 years ago | (#33655202)

...gets the worm and then tweets about it. ;-)

strange brew that's also good for you (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#33655224)

That would be home made Kombucha.

So what? (0)

Anonymous Coward | more than 3 years ago | (#33655226)

Twitter is RSS for imbeciles; why does anybody care about (140 characters and less) inane bullshit being "retweeted"?

The irony (0)

Anonymous Coward | more than 3 years ago | (#33655258)

People tweeted about the exploit, that's why it became so popular in the first place.

Twit of the year (0, Troll)

RevWaldo (1186281) | more than 3 years ago | (#33655622)

Isn't it about time Twitter got its own topic icon [jumpstation.ca]?

Re:Twit of the year (1)

techno-vampire (666512) | more than 3 years ago | (#33656462)

I would have thought that this [wikimedia.org] would have been more appropriate, but YMMV, and obviously does.

A great disturbance? (0, Offtopic)

Phics (934282) | more than 3 years ago | (#33655760)

...as if millions of chirping birds suddenly cried out in terror and were suddenly silenced.

More like peace and quiet for once... At the risk of careening off topic, anyone else think the web has become an unnecessarily noisy place? It's getting harder and harder to cut through the crap and meaningless prattle...

...hmm... I'd better shut up now....

Belly Button Lint Story (0)

Anonymous Coward | more than 3 years ago | (#33655786)

This is a Belly Button Lint Story. If you use Facebook, MySpace or Twitter, then you deserve to be hacked. What a complete waste of time.

My last tweet was "found belly button lint - story at bar later." Probably the most useful tweet in months across the entire system.

cost? (1)

vlm (69642) | more than 3 years ago | (#33655806)

putting estimates of the total number of victims at around 500,000 according

What if each text costs ten cents, that's $50K of revenue for the telcos. Since "everyone knows" the actual cost of service is like a millionth of a cent per text, that's about $50K profit for the telcos.

noscript (2, Informative)

bhcompy (1877290) | more than 3 years ago | (#33655852)

And this is why I use NoScript. Sweet, sweet XSS protection with a large, annoying warning when you come across one.

Why all the hate? (3, Insightful)

inanet (1033718) | more than 3 years ago | (#33656272)

I really don't get the Twitter hate.

I don't like Facebook, but I can see its value, particularly if you manage it right and use it to share news and photos with friends and family etc. There are other valuable uses, but I use the example.

I still don't use it.

I don't use Bebo, or MySpace, or facepalm or crotchpunch.

Doesn't mean I have to hate on them.

I use Twitter in much the same way other people have mentioned. I don't follow twitter shitters (people who tweet constantly about inane shite). But I do follow people who provide interesting information, along with people I know and a range of news sites from Al Jazeera to BBC, to the NZ news site Stuff, to Scientific American, and a range of others!

I follow a range of people, and I find Twitter useful because I can fire up my smartphone, pull up my Twitter client and get a "snapshot of the world", and that's really what it is: any big news event happens, anywhere in the world, I would probably put money on the fact I'll hear about it before anyone who isn't on Twitter and isn't directly affected.

XKCD did a great comic about how people could hear about an earthquake via Twitter before the actual shockwaves hit them.

But in short, if you don't want to use Twitter, then don't, but all that your raging anti-Twitter stance says is "I tried Twitter but nobody followed me back", so obviously you had nothing to add; therefore thank you for not using the service, you've increased its value already!

Re:Why all the hate? (5, Insightful)

apoc.famine (621563) | more than 3 years ago | (#33657928)

I had this discussion over some beers with some like-minded friends recently. What we settled on was, "When does it stop?"

BBS, finger, chat, IRC, email, IMs of 90 flavors, pagers, forums, MySpace, texting, LiveJournal, Blogs, Facebook, Twitter, LinkedIn, etc...

I think the Twitter hate is because you are hanging around the demographic that's largely filled its quota for "new shit that I have to keep track of". Add in our games, RSS feeds, slashdot, comics, etc., and we've filled our time on the internet. We either have to start purging old methods of communication and old pastimes, or we can't start new ones.

Right now, there's a large number of us who have thriving communities in enough places that we're not interested in another. It's not just Twitter - that's just the one that we're being pushed the hardest to adopt. And for a lot of us, Twitter doesn't hold a draw. I'm sure you've found some reasons to adopt it. But I don't have time for it. I'm full up.

Yet here you are, blathering on about how you use Twitter for so many things, how useful it is, blah blah blah.

Does it make any more sense now why the Twitter hate? We don't care already. Shut up about it. Some of us aren't about to give up something else for Twitter, and we'd need to in order to pay attention to it.

Our information bandwidth has been exceeded.

The sooner you and everyone else stops rambling on about The Next Big Thing On The Internet, the sooner we'll stop hating it.

(For the record, I came here to find technical details about the XSS, for although I don't care about Twitter, the details are important in the grand context of the internet. I just figured since you hadn't figured it out yet, I'd stop and point out why a lot of us hate Twitter. And your post which had nothing to do with the details of this attack is a prime example. We get it. You want to make passionate love to Twitter and have its babies. Yet you come to an article about a hack job, and instead of posting anything interesting about the technical aspects, you post a totally unrelated bit of flamebait about "Twitter Hate". That's why we hate Twitter. People doing what you just did. So if it bothers you that we hate your exciting new lover, stop posting shit about your love for Twitter when it's entirely inappropriate.)

An XSS attack? Really? In this day and age? (1)

wiredog (43288) | more than 3 years ago | (#33656284)

This is an old (for the web) type of attack. No web site should be vulnerable to this sort of thing because all web developers (including me) know to sanitize their inputs. If only in order to avoid a Bobby Tables incident [xkcd.com].

Re:An XSS attack? Really? In this day and age? (0)

Anonymous Coward | more than 3 years ago | (#33657256)

Geez, xkcd. For some reason I feel that's like repeating the same stupid well known nerd joke for the thousandth time... do you think we don't know already about that piece of comic? It wasn't that original in the first place anyway.

By my calculations (2, Interesting)

ksandom (718283) | more than 3 years ago | (#33657270)

that's ~81 minutes or just under an hour and a half. When was their discovery of the issue? If that's 1.5 hours from becoming aware of the issue to closing it, it's not terrible. What time of day was it at the office doing the maintenance? Was it even in office hours when someone would be there?

Please explain (1)

gringer (252588) | more than 3 years ago | (#33658408)

So, twitter is a bit like IRC. Is there a web interface to an IRC server that works in a similar way to twitter? It seems a bit silly to re-invent a protocol that's like IRC, but with fewer characters per message.
