Ewww – Twitter Has Worms

Posted by on Apr 13, 2009 | 15 Comments

Kids today are too smart for their own good, while at the same time many of them are totally bankrupt in the morals department. Unfortunately, in the case of recent Twitter account attacks by a “Twitter Worm”, things are really getting out of control.

To make matters worse, the individual responsible for the initial worm has apparently created a second Twitter worm. Based on the fact that we know who it is, I am failing to understand why he is not in jail right now. Why is this kid allowed to create problems like this while only receiving more traffic for his site instead? Clearly, I am missing something here.

To make things even worse, when the first worm came out, the site being mentioned in the worm’s code was pleading with individuals to believe them, as they claimed to be the target of abuse. Due to the plausibility of a competitor doing such a thing, I gave the guy the benefit of the doubt. Now, it appears I was wrong and he is willing to do whatever it takes to drive traffic to his service.

  • http://youtube.com/comphelper225 Comphelper225

    Well, that’s kinda retarded… if that kid was over 18 he would have gone to jail… he should have at least gotten a fine!

  • Phantomsteve

    “There is just one small issue using this type of a password and that is trying to remember it. I know I would most likely have to write it down, which would compromise the purpose of using this type of password. So is there a better way to come up with a password that is secure and that we can remember? A simple, easy to remember password that most Web sites would accept without a problem?”

    You could use numbers/symbols in place of letters.

    For example, if you chose atlas1 as your password:
    a+!A5 (t -> +; l -> !; s -> 5)

    Some useful substitutions:
    a: @ or ^
    b: 8 or 9
    e: 3
    g: 6
    h: 4
    i: ! or 1
    l: ! or | or 1 or 7
    o: 0
    s: $ or 5
    t: +
    v: ^
    z: 2

    If I had Steve1 as my password, I could substitute this with:

    5+3^e1

    • http://twitter.com/anarchei Anarchei

      I was going to suggest substitutions as well.

  • Anonymous

    For all I care, password length is irrelevant to some degree. I would prefer it if the website defends against brute force password guessing attacks rather than forcing me to use a complex password – the “try 3 times the wrong password and your IP address will get banned for a week” kind of approach. This is kind of very easy to implement and more secure than leaving it to users to come up with secure & complex passwords.

    For online banking websites where high security is a must I would like them to go one step further and use a security token key in addition to a password – passwords can be captured by keylogger software and are not safe for something like this, so a physical key-token generator (like RSA SecurID or eToken, etc.) that generates a new key every 30 seconds is a must!
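The "three wrong passwords and your IP is banned for a week" approach from the comment above, as an added example that is not part of the original comment thread. The class name, the 15-minute failure window and the in-memory storage are assumptions made for illustration.

```python
import time

MAX_FAILURES = 3                 # "try 3 times the wrong password"
BAN_SECONDS = 7 * 24 * 3600      # "banned for a week"
FAILURE_WINDOW = 15 * 60         # assumption: older failures are forgotten


class LoginThrottle:
    """Per-IP failed-login counter with a temporary ban (in-memory)."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so the logic can be tested
        self._failures = {}          # ip -> timestamps of recent failures
        self._banned_until = {}      # ip -> time at which the ban expires

    def is_banned(self, ip):
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if self._clock() >= until:   # ban has expired: forget it
            del self._banned_until[ip]
            return False
        return True

    def attempt(self, ip, password_ok):
        """Return 'banned', 'ok' or 'denied' for one login attempt."""
        if self.is_banned(ip):
            # Refuse before the result is used, so a banned client
            # learns nothing from further guesses.
            return "banned"
        if password_ok:
            # Deliberately no counter reset here: otherwise a client could
            # log in to its own account between guesses at someone else's.
            return "ok"
        now = self._clock()
        recent = [t for t in self._failures.get(ip, [])
                  if now - t < FAILURE_WINDOW]
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self._banned_until[ip] = now + BAN_SECONDS
            self._failures.pop(ip, None)
            return "banned"
        self._failures[ip] = recent
        return "denied"
```

Keyed on the IP address alone, the ban also hits every user behind a shared NAT address and does not slow guesses spread across many addresses, so production systems usually pair it with a per-account limit.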

  • http://twitter.com/anarchei Anarchei

    I know some banks already do this. At least my bank, Suncorp, offer it as an option for people who do their banking online.

  • http://www.facebook.com/people/David-WN/503715363 David WN

    I’ll let your math buddy go with his 6-character passwords. I’ll stick with the method “whut brung me”. *heh* Takes some time to type my passwords in, unless I use LastPass (and I do, with another of my “overkill” passwords to enable it), but they’re easily remembered.

    Here’s one variation: choose the second or third verse of a song or poem that you’ve memorized. Take the first letter of each word in the verse. Change a few of the letters to symbols according to a method that makes sense to you. Practice typing the password while reciting the verse mentally. Got it? Now, stick a fork in it.

    64-character passwords designed this way are pretty darned secure and easy-peasy to remember. Overkill? Well, sure. Way overkill. For now.

  • http://www.bindermichi.de bindermichi

    A thing I’ve learned over the years is that a password on a properly secured system is usually 32 characters long.

    Why?

    Because the original password is converted into a 32-character hash value that is stored in a database.

    Result: every password has 32 characters

  • Histrion

    There’s a DIY-hardware solution to remembering your “random” 6-char passwords, something I saw on LifeHacker not long ago: create a cryptkey-card and keep it in your wallet.

    The idea is that the card, which can be printed on a 3×5 notecard or whatever will fit in your wallet, should have indexed rows & columns. For every website that you need a password for, come up with a character pair (for instance, lockergnome could be LG). Find the intersection of row L, column G, and starting with that character, use six characters from the card.

    If this still doesn’t feel sufficiently secure, have some sort of mental mod that you apply to the characters as you use them (for instance, apply rot1 to the first letter or number, rot2 to the second, etc.)

    The only complication with this approach is that some websites insist on periodic password changes.
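The card lookup described in the comment above, as an added example that is not part of the original comment. The 26 x 26 grid indexed A-Z, the lowercase-plus-digits card alphabet, the function names and the wrap to the next row at the card's edge are assumptions; the comment specifies none of them.

```python
import secrets
import string

ROWS = COLS = string.ascii_uppercase                  # assumption: 26 x 26 card, indexed A-Z
CARD_CHARS = string.ascii_lowercase + string.digits   # assumption: characters printed on the card


def make_card():
    """Generate a random card: one string of len(COLS) characters per row."""
    return {r: "".join(secrets.choice(CARD_CHARS) for _ in COLS) for r in ROWS}


def rot(ch, n):
    """Rotate a letter within a-z, or a digit within 0-9, by n places."""
    if ch in string.digits:
        return str((int(ch) + n) % 10)
    if ch in string.ascii_lowercase:
        return chr((ord(ch) - ord("a") + n) % 26 + ord("a"))
    return ch


def site_password(card, pair, length=6, mental_mod=False):
    """Read `length` characters starting at row pair[0], column pair[1].

    Assumption: reading runs to the right and continues at the start of
    the next row when it reaches the edge of the card.
    """
    row = ROWS.index(pair[0].upper())
    col = COLS.index(pair[1].upper())
    out = []
    for i in range(length):
        pos = col + i
        r = ROWS[(row + pos // len(COLS)) % len(ROWS)]
        ch = card[r][pos % len(COLS)]
        # Optional "mental mod": rot1 on the first character, rot2 on the second, ...
        out.append(rot(ch, i + 1) if mental_mod else ch)
    return "".join(out)


if __name__ == "__main__":
    card = make_card()                 # print once, keep in the wallet
    print(site_password(card, "LG"))   # "lockergnome" -> row L, column G
    print(site_password(card, "LG", mental_mod=True))
```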

  • http://twitter.com/jbluther Jared B. Luther

    Come up with a 4-digit number (ex. 1234). Then mix those numbers with the first 3 letters of the site you use that password on (ex. Twitter would be 1t2w3i4, Google 1g2o3o4, Facebook 1f2a3c4, etc.). Easy to remember (just remember the number) and it’s always different, so when Sony loses your 1p2s3n4 password, it doesn’t work anywhere else.

  • Anonymous

    Neither of my banks (both leading banks in the UK) support anything except numbers and letters in their passwords. On the one hand, I think this is terrible because I want a more secure password, but on the other hand, I assume there must be some restriction because of the encryption they use which must be better or they wouldn’t use it.

  • http://twitter.com/AlexFoleyTV Alex Foley

    Regardless of the strength of the password, it’s all down to the security of the information on the site you’re using (with exception to local passwords, obviously). I mean, the Pentagon has been hacked, NASA has faced hackers multiple times, Sony, very recently, as we’ve all heard. In the end, it’s highly unlikely that this is going to happen to you; however, there’s always that chance. The Internet’s biggest advantage of being customisable by anyone is also its biggest downfall.

    Be careful.

  • Anonymous

    Thanks everyone for your comments and feedback. It is appreciated.
