eridius
So Twitter just recently had some downtime, and now they're sending out password reset emails. Sure sounds like they got hacked to me.

eridius
@cocoasamurai Best part of that post? The second-to-last paragraph that basically admits it's because they were running Java.

cocoasamurai
@eridius of course this is Twitter, they’d never directly admit what caused this

adiabatic
@eridius @cocoasamurai That’s what makes me wonder — if Java applets are notoriously vulnerable, does that say anything of Web apps written in Clojure?

eridius
@adiabatic @cocoasamurai Java applets are insecure because they're running untrusted code and have sandbox exploits. Web apps only deal with untrusted data, not untrusted code.

oluseyi
@eridius Actually, it indicates that Twitter *users* were individually compromised, allowing third parties to obtain their usernames, passwords and/or unsalted password hashes, probably via drive-by downloads leveraging Java applets and so forth.
eridius
@oluseyi Did you read the blog post? That's not at all true. Twitter themselves were attacked, not Twitter users.

oluseyi
@eridius Twitter just responded to the unusual access patterns by proactively resetting their passwords. This doesn't indicate a direct attack on Twitter's infrastructure, but rather preliminary actions that could have enabled such in the future.

eridius
@oluseyi Again, read the blog post. They _admitted_ to being attacked and having 250k user credentials compromised.
oluseyi
@eridius Nope: "This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. ...

oluseyi
@eridius "Though only a very small percentage of our _USERS_ were potentially affected by this attack..."

eridius
@oluseyi Reading comprehension fail. The "unusual access patterns" means Twitter's infrastructure was being attacked. User data was compromised as a result of the attack, not as a result of individual users being attacked.

oluseyi
@eridius That's not what it says. What it says is that the pattern of attacks suggests that as many as 250,000 users may have already been compromised, serving as initial attack vectors on Twitter.

eridius
@oluseyi I'm not going to debate this with you anymore. You're simply wrong. And as a user who had his password reset, I can guarantee you I wasn't individually attacked or had my machines compromised in any way.

oluseyi
@eridius "Reading comprehension fail" is really snarky and insulting from someone too stupid to understand what they're actually reading. "Unusual access patterns" means an attack on Twitter, yes, VIA compromised user accounts.

eridius
@oluseyi Whoops, you just crossed the line into personal insults. I'm not sure why you're being so defensive, but congratulations on being my first ever ADN mute.

oluseyi
@eridius No, you simply fit a profile. The password reset was proactive.

oluseyi
@eridius "Reading comprehension fail" IS an insult. Snark is so widespread that people who default to it don't realize how rude it is.

mgrimes
@eridius @adiabatic @cocoasamurai but who writes those anymore… HTML5.

mgrimes
@adiabatic @eridius @cocoasamurai you don’t need to switch languages to avoid Java applets - use web frameworks like the rest of the planet (GWT, SmartGWT, etc. or even plain ole Java & JS) - USERS have concern using legacy tools; devs aren’t impacted by it

ejknapp
@eridius @oluseyi I just tapped unfollow instead of mute. It’s been coming and the time was right.

adiabatic
@mgrimes @eridius @cocoasamurai true, but not all Java applets out there have been rewritten yet. Plus, I’d have to spin up a VM with that gunk installed to back-engineer the ones on, say, http://yudkowsky.net/rational/bayes — not my idea of a fun weekend