Security
Passwords: The Biggest Lesson from the Twitter Hack
If you use a Twitter, go online, or have ears, you've probably heard all about the Twitter hack a week or so ago. Nic Crubilovik of TechCrunch, who has been corresponding with the responsible person, has shared the details of the hack.
This wasn't one of those sophisticated, sexy hacking attempts that Hollywood likes to make movies about. No, this was a simple game of hack the password. First, the hacker used the "forgot password" feature on Gmail, which told the hacker that the password was being sent to the user's backup email account: xxxxx@hxxxxxx.com. The hacker correctly guessed that the email was going to a Hotmail account, and headed there to try to log into it. This is when his luck really kicked in:
2009 NTC Preview: Lance Wolack on Protecting Your .ORG Domain
Do you know what DNSSEC is? I didn't either. I'm still not totally certain, but what I CAN tell you is this: It used to be that you didn't really have to worry about the kinds of security issues that plague big organizations, but the times are changing, and so are the hackers. More of us than ever are vulnerable to the kinds of security holes that hackers like to exploit.
Lucky for us, we have the Public Interest Registry on our side. Lance Wolack of PIR is leading a session at the NTC to help us untangle all the security mysteries that threaten our .org domains: "Building a Stronger and More Secured Online Community". We spoke about that session a while back:
