HC accessed Gmail for a Twitter employee by using the password recovery feature that sends a reset link to a secondary email. In this case the secondary email was an expired Hotmail account, he simply registered it, clicked the link and reset the password. Gmail was then owned. wow powerleveling HC then read emails to guess what the original Gmail password was successfully and reset the password so the Twitter employee would not notice the account had changed. wow power leveling HC then used the same password to access the employee’s Twitter email on Google Apps for your domain, getting access to a gold mine of sensitive company information from emails and, particularly, email attachments. HC then used this information along with additional password guesses and resets to take control of other Twitter employee personal and work emails. HC then used the same username/password combinations and password reset features to access AT&T, MobileMe, Amazon and iTunes, among other services. A security hole in iTunes gave HC access to full credit card information in clear text. HC now also had control of Twitter’s domain names at GoDaddy. wow leveling Even at this point, Twitter had absolutely no idea they had been compromised. What could have happened next is that Hacker Croll could have used or sold this information for profit. He didn’t do that, and says he never intended to. All he wanted to do, he says, was to highlight the weaknesses in Twitter’s data security policies and get them and other startups to consider more robust security measures. wow powerlevelingHe also says he’s sorry for causing Twitter so much trouble. We asked Hacker Croll if he had any message he wants to deliver to Twitter, and he sent me the following: The Anatomy Of The Twitwow power levelingter Attack Je tiens à présenter toutes mes excuses au personnel de Twitter. Je trouve que cette société a beaucoup d’avenir devant elle. diablo 2 cd key J’ai fait cela dans un but non lucratif. La sécurité est un domaine qui me passionne depuis de longues années et je voudrais en faire mon métier. Dans mon quotidien, il m’arrive d’aider des gens à se prémunir contre les dangers de l’internet. Je leur apprend les règles de base.. Par exemple : Faire attention où on clique, les fichiers que l’on télécharge et ce que l’on tape au clavier. S’assurer que l’ordinateur est équipé d’une protection efficace contre les virus, attaques extérieures, spam, phishing… Mettre à jour le système d’exploitation, les logiciels fréquemment utilisés… Penser à utiliser des mots de passe sans aucune similitude entre eux. Penser à les changer régulièrement… Ne jamais stocker d’informations confidentielles sur l’ordinateur…diablo 2 cd key J’espère que mes interventions répétées auront permis de montrer à quel point il peut être facile à une personne mal intentionnée d’accéder à des informations sensibles sans trop de connaissances. Hacker Croll. This roughly translates to: I would like to offer my personal apology to Twitter. I think this company has a great future ahead of it. I did not do this to profit from the information. Security is an area that fascinated me for many years and I want to do my job. In my everyday life, I help people to guard against the dangers of the Internet. I learned the basic rules .. For example: Be careful where you click the files that you download and what you type on the keyboard. Ensure that the computer is equipped with effective protection against viruses, external attacks, spam, phishing … Upgrading the operating system, software commonly used … Remember to use passwords without any similarity between them. Remember to change them regularly … Never store confidential information on the computer … I hope that my intervention will be repeated to show how easy it can be for a malicious person to gain access to sensitive information without too much knowledge. Croll hacker. What’s the takeaway from all this? Cloud services are convenient and cheap, and can help a company grow more quickly. But security infrastructure is still nascent. And while any single service can be fairly secure, the important thing is that the ecosystem most certainly is not. Combine the fact that so much personal information about individuals is so easily findable on the web with the reality that most people have merged their work and personal identities and you’ve got the seed of a problem. A single Gmail account falls, and soon the security integrity of an entire startup crumbles. So for a start, reset those passwords and don’t use the same passwords for different services. Don’t use password recovery questions that can easily be answered with a simple web search (an easy solution is to answer those questions falsely). And just in general be paranoid about data security. You may be happy you were.
Back to yu yu's blog, 'user_report.php?return_url=http%3A%2F%2Fwww.glirc.org%2Fs%2Fblog.php%3Fuser%3Dliping%26blogentry_id%3D92&TB_iframe=true&height=300&width=450', '', './images/trans.gif');){kind=spacer}
Inappropriate Content
