Lessons to learn from Twitter Admin

In an interview, GMZ, an 18-year-old, confessed that he had gained access to Twitter's admin console. He also helped himself to a few high-profile requests.
GMZ targeted a popular user named "Crystal", who later turned out to be a Twitter employee with administrative access. GMZ launched a dictionary attack against the account. Since Twitter allowed unlimited failed login attempts, GMZ was able to break into it. He then went on to compromise the accounts of popular personalities such as Obama and Britney.
So what can we learn from this?
First, follow a strong password policy. A strong password must be easy for the user to remember and difficult for an attacker to guess or crack. A combination of special characters, upper-case letters, lower-case letters and numbers makes up a strong password.
Second, the application shouldn't allow unlimited failed login attempts; it should restrict failed attempts to 3, or at most 5. This helps prevent brute-force attacks.
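Both recommendations above (a password policy and a cap on failed logins) are easy to state and easy to get subtly wrong, so here is an added example that puts them into one login flow. This is illustration code written for this post, not code from the original article or from Twitter; the thresholds, the hashing parameters, the wordlist and the user/guard class names are all assumptions.

```python
"""Added example: password policy enforcement plus failed-login throttling.

Not code from the original post or from Twitter. MIN_LENGTH, the lockout
window, the iteration count and COMMON_WORDS are illustrative assumptions.
"""
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass, field

# Constructed stand-in for the kind of wordlist a dictionary attack uses.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "twitter"}

MIN_LENGTH = 12              # assumed minimum length
MAX_FAILED_ATTEMPTS = 5      # the post recommends 3, at most 5
LOCKOUT_SECONDS = 15 * 60    # assumed lockout window
PBKDF2_ROUNDS = 100_000      # assumed work factor


def password_policy_errors(password):
    """Return every policy rule the candidate breaks (empty list = acceptable)."""
    checks = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (re.search(r"[a-z]", password) is not None, "no lower-case letter"),
        (re.search(r"[A-Z]", password) is not None, "no upper-case letter"),
        (re.search(r"[0-9]", password) is not None, "no digit"),
        (re.search(r"[^A-Za-z0-9]", password) is not None, "no special character"),
    ]
    errors = [msg for ok, msg in checks if not ok]
    # A dictionary word with digits or symbols bolted on is still a dictionary
    # word: strip everything but letters before comparing against the list.
    core = re.sub(r"[^a-z]", "", password.lower())
    if core in COMMON_WORDS:
        errors.append("based on a common dictionary word")
    return errors


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


@dataclass
class LoginGuard:
    """Counts consecutive failures per account and locks the account temporarily."""
    max_attempts: int = MAX_FAILED_ATTEMPTS
    lockout_seconds: int = LOCKOUT_SECONDS
    failures: dict = field(default_factory=dict)      # username -> failure count
    locked_until: dict = field(default_factory=dict)  # username -> unix time

    def is_locked(self, username, now):
        until = self.locked_until.get(username, 0)
        if now < until:
            return True
        if until:  # lockout has expired: reset so the user starts with a clean counter
            self.locked_until.pop(username, None)
            self.failures.pop(username, None)
        return False

    def record_failure(self, username, now):
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= self.max_attempts:
            self.locked_until[username] = now + self.lockout_seconds
        return count

    def record_success(self, username):
        self.failures.pop(username, None)
        self.locked_until.pop(username, None)


class UserStore:
    """In-memory user database with the policy and the guard wired into it."""

    def __init__(self):
        self.users = {}
        self.guard = LoginGuard()

    def register(self, username, password):
        errors = password_policy_errors(password)
        if errors:
            raise ValueError("weak password: " + "; ".join(errors))
        self.users[username] = hash_password(password)

    def login(self, username, password, now=None):
        """Return 'locked', 'invalid' or 'ok'. `now` is injectable for testing."""
        now = time.time() if now is None else now
        if self.guard.is_locked(username, now):
            return "locked"          # checked before any password work
        record = self.users.get(username)
        # Same answer for an unknown name and a wrong password, so the login
        # form cannot be used to confirm which usernames exist.
        if record is None or not verify_password(password, *record):
            self.guard.record_failure(username, now)
            return "invalid"
        self.guard.record_success(username)
        return "ok"
```

Two design points worth noticing: the lockout check runs before the password hash is computed, so a locked account costs the server almost nothing per attempt, and the counter is reset only by a successful login or by the lockout window expiring, never by a page reload. A per-account lockout does let someone lock a victim out on purpose by sending wrong guesses, so in a real deployment pair it with a per-source-IP throttle, alert on accounts that hit the limit repeatedly, and bound the size of the guard's dictionaries.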
What else is on your mind that can prevent such incidents again?
