Sunday, June 05, 2011

This hacking stuff is easy...

I'm sending word out to see how easy it is to spoof the "From TweetDeck" thing. (See post below.) In the meantime, let's mull over Weiner's odd mention of his Facebook account being hacked. That remark has always gnawed at me. FB and Twitter are connected; how easy are they to hack?

Real damn easy, as it turns out. See here and here. (But for god's sake, don't actually follow those instructions!)
"Ignore all those hacking services, facebook hacks and hackers that charge you money for something you can do on your own for free. Hack the password of any of your friends' accounts and get their password even as a prank or joke (you may also be interested in trying our How To Hack Twitter Accounts tutorial)"
Twitter says that they plugged a similar hole circa 2009, but the hacker who wrote the above says that his script was updated as of "6/4/2011." Around the same time, a phishing scam snagged the passwords of several notables. Those passwords were reset -- but only if the victims knew that there was a problem. One can easily see a situation in which passwords were held in reserve.

6 comments:

milowent said...

hacking can't be ruled out i guess, due to goatsred's apparent history of shady shit.

what's interesting about the yfrog email exploit is that very few people seemed to realize it was possible.

but for hacking to be what happened, the anti-weiner crew had to be pretty skilled. sarah palin's email was hacked, we know this stuff is possible.

but weiner saw the tweet and deleted it immediately, the application matches up.

i'm down to wanting the IP address source for the tweet. presumably twitter has that. is there anything else that definitively resolves this case? lots of random facts cut both ways at this point, uncertainty remains unless new evidence emerges.

Anonymous said...

Milo,

For now we can say that the "Hack" that Joseph described above was not used!

The hack above just gets the twitter account password reset and it takes several hours!!!

So, now we have to believe that the "hacker" used the hack described above to get Rep. Weiner's twitter password reset and then logged in?

Once the password is reset, you have to login using the new password on twitter and now even on TweetDeck.

So the hacker was able to request the password reset, login to TweetDeck and send the tweet with the link and then Rep. Weiner was able to still use TweetDeck and the old password less than 5 minutes later when he sent his Tivo tweet.

Sorry, the only way to know for sure he was hacked, is to get the records from Twitter and that is going to require a subpoena. So far Rep. Weiner has not chosen to go that route.

Timeline: http://www.thedaily.com/page/2011/06/05/060511-news-weiner-1-4/

Joe

Joseph Cannon said...

No, Joe, we can't say that the "exploit" theory was wrong. I need confirmation. Surely the "sent via" would have been visible to someone other than a potentially partisan "Christian" Texan...?

I'd also like to know if it is possible to spoof "sent via TweetDeck."

The hack mentioned above was just the first thing I found after about twenty seconds of googling. Frankly, I was pretty stunned at how easy it was.

I've been looking elsewhere, although perhaps it is best not to mention where. Apparently, though, there are apps that break Twitter passwords. At least -- such things can be found. Whether they WORK as advertised is a different matter.

Come on. The fact that this happened at the same time that there was an (irrefutable) conspiracy to smear Weiner sexually -- a conspiracy led by someone who certainly possesses the knowledge to do such a thing -- a conspiracy whose leader "broke" the story, who had a history of harassing Gennette Cordova, and who went into hiding after proclaiming that he has nothing to hide -- all those facts taken together make this one pretty obvious.

I've lacked confidence about my stances before. Often. But this time? Not for a second.

milowent said...

@joe - a hack that requires a password reset seems impossible here since weiner retained ability to tweet. i guess when i say 'hack' now it means purely that someone had to have his twitter password, and used it. and made sure to post from tweetdeck. the probabilities of this scenario are going down.

if weiner's FB was truly hacked (explaining weiner's comment on that), and the dickpic taken from there, perhaps he had the same twitter password. but that's a lot of supposition that can't be proven without investigation of IP logs, etc.

i still wish patriot wasn't the sole person to see this tweet, it's too bill burkett-rathergate for my tastes.

btw, i came here to post this thought: now that joseph has rotated the pic correctly, the light on the floor looks like exterior light thru a window, no? that means pic was not taken around 11:30pm at night, but during daytime. weird (to me).

Anonymous said...

Joseph,

I agree there are some real odd things out there and I was ready to see Rep. Weiner's view be the end of it until he did the round of interviews last Wednesday.

Frankly, his statements over the course of those painful interviews and his lack of real answers to very simple questions have just raised even more questions.

The media is even starting to report on other aspects of Rep. Weiner's behavior such as this one today.

http://www.nydailynews.com/news/politics/2011/06/05/2011-06-05_his_dc_car_is_registered_in_ny_and_way_out_of_date.html

Joe

Anonymous said...

If Weiner sent the photo why would he immediately delete it?