21 July 2018
Paul Penrose


Paul Penrose - Finextra

307Posts 1,376,766Views 248Comments
Finance 2.0

Finance 2.0

A community for discussing the application of Web 2.0 technologies to financial services.
A post relating to this item from Finextra:

Phishers target Twitter

06 January 2009  |  9252 views  |  0
Users of micro blogging site Twitter, including comedian Stephen Fry, have been duped by a phishing scam.

What's your Twitter password?

08 January 2009  |  5186 views  |  0

Quality PR from Sophos. I couldn't put it better myself:

IT security and control firm Sophos is calling on Twitter to enforce the use of strong passwords by its members following the recent publication of details on how a hacker managed to gain access to Twitter's internal systems earlier this week.

According to reports, the teenage hacker, who uses the online handle GMZ, claims he gained entry to the micro-blogging site’s administrative control panel by using a dictionary password guesser at a Twitter staffer’s account. Unfortunately for Twitter and its hacked users, the staff member had chosen the dictionary word “happiness”.

GMZ claims that he did not use other hacked accounts himself, but posted a message on a hacking forum offering access to any Twitter account by request.

"What lessons can be learnt from this incident? Firstly, you should never use an easy-to-guess password to secure your online website accounts. Using a dictionary word like “happiness” shows a complete lack of knowledge about how to use computers safely," explained Graham Cluley, senior technology consultant at Sophos. "Twitter could help avoid this problem by insisting that passwords are not known dictionary words, or forcing the use of numbers and other characters - such as underlines, exclamation marks and percentages - in users’ chosen passwords."

"Secondly, Twitter and other websites should be able to tell when hackers are trying to brute-force their way past a password. GMZ says he ran his automatic password guessing program overnight before it finally broke its way in. There’s no reason why Twitter couldn’t, say, notice that someone has entered the wrong password three times in a row, and then insist they wait 15 minutes before trying to log in again," continued Cluley.

TagsSecurityRetail banking

Comments: (0)

Comment on this story (membership required)

Latest posts from Paul

ANZ and Visa lose the plot

30 June 2011  |  6858 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineRetail banking

Don't give up the day job...ever

20 May 2010  |  6104 views  |  0 comments | recomends Recommends 0 TagsTrade executionWholesale bankingGroupWhatever...

Now we are ten

19 April 2010  |  6474 views  |  3 comments | recomends Recommends 0 TagsRetail bankingWholesale banking

Finextra's Best of the Web

05 March 2010  |  5983 views  |  1 comments | recomends Recommends 0 TagsRetail bankingWholesale banking

The ATM was the last great financial innovation

25 February 2010  |  10138 views  |  8 comments | recomends Recommends 0 TagsRetail bankingWholesale bankingGroupFinance 2.0

Paul's profile

job title Head of Research
location London
member since 2007
Summary profile See full profile »
I'm responsible for editorial content and quality control across the full range of Finextra media.

Paul's expertise

Member since 2006
307 posts248 comments

Who's commenting on Paul's posts