Club PA 2.0 has arrived! If you'd like to access some extra PA content and help support the forums, check it out at patreon.com/ClubPA
The image size limit has been raised to 1mb! Anything larger than that should be linked to. This is a HARD limit, please do not abuse it.
Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

Twitter Continues To Have A [Twitter] Problem

17778798082

Posts

  • JazzJazz irregular Un-UKRegistered User regular
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    It used to be, I used it in the days before I had a smartphone or data plan. I doubt it's nearly as common now but it wouldn't surprise me that it's still a thing.

    HacksawMoridin889Lovely
  • KetBraKetBra FISTS OF JUSTICE! Registered User regular
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    That was like the original way twitter was done

    ohKiGmg.png
    Steam Bnet:KetBra#1692 Yo Satan
    CouscousJazzjmcdonaldRhesus PositiveDoodmannTetraNitroCubaneTomantaElvenshaeFencingsaxdavidsdurionsElldrenJaysonFourHacksawredxMartini_PhilosopherShadowfireMoridin889Centipede DamascusMagellTynnanspool32ButtersGennenalyse Rueben
  • JazzJazz irregular Un-UKRegistered User regular
    KetBra wrote: »
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    That was like the original way twitter was done

    It's literally why they had the 140 character limit, too.

    ElvenshaeFencingsaxElldrenredxMartini_PhilosopherShadowfireMoridin889Centipede DamascusTynnanspool32EchoButtersGennenalyse RuebenJulius
  • AthenorAthenor Battle Hardened Optimist The Skies of HiigaraRegistered User regular
    Ah, makes sense. I think I ignored twitter until like 2011-2012 or so.

    Official member of the Grilling Gentry
    "Brevity is the soul of getting your shit read." - Tube
    Rarely-updated Collecting blog
    He/Him
  • DevoutlyApatheticDevoutlyApathetic Registered User regular
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    It was the original technical reason for Twitter and the source of the character limits and stuff. Back in the dark ages before every phone always had an internet connection it made sense.

    FencingsaxElldrenHacksawJazzMegaMekLabel
  • DarkPrimusDarkPrimus premium Registered User regular
    send tweet

    dt3GeqU.png
    Gamertag: PrimusD | Rock Band DLC | GW:OttW - arrcd | WLD - Thortar
    BurtletoyJulius
  • HacksawHacksaw J. Duggan Wrestler at LawRegistered User regular
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    Back when I Twittered, I used to tweet via SMS because I didn't have a smartphone. It was definitely A Thing for a little while.

    Jazz
  • CelestialBadgerCelestialBadger Registered User regular
    edited September 2
    Ooops

    CelestialBadger on
  • syndalissyndalis Getting Classy On the WallRegistered User, Loves Apple Products regular
    There was a fantastic episode of Reply All called the snapchat thief where they went over how attacks like this happen and just how common they are.

    https://gimletmedia.com/shows/reply-all/v4he6k/130-the-snapchat-thief

    SIM swapping is apparently ludicrously easy to do and one of the primary reasons you are better off using a password manager and a 2 factor app that uses decaying tokens instead of SMS for verification.

    SW-4158-3990-6116
    Let's play Mario Kart or something...
    OrcaTetraNitroCubaneBlackDragon480Shadowfiredurandal4532ElldrenEcho
  • davidsdurionsdavidsdurions Your Trusty Meatshield Panhandle NebraskaRegistered User regular
    I’ve had repeated struggles with authentication apps where when I change devices I have to basically redo everything and nothing I do seems to allow me to transfer information over. It is extremely frustrating when you have a near endless amount of accounts you want to keep as secure as possible but the methods to do that are understandably difficult to set up repeatedly.

    PwH4Ipj.jpg
  • 21stCentury21stCentury A lovely pixel artist and gamecrafter [They/Them]Registered User regular
    edited September 2
    EDIT: Wrong tab and it took me way too long to catch that. sorry. :(

    21stCentury on
  • AthenorAthenor Battle Hardened Optimist The Skies of HiigaraRegistered User regular
    I’ve had repeated struggles with authentication apps where when I change devices I have to basically redo everything and nothing I do seems to allow me to transfer information over. It is extremely frustrating when you have a near endless amount of accounts you want to keep as secure as possible but the methods to do that are understandably difficult to set up repeatedly.

    Ever since my Xbox Live account got hacked in 2011-2012, I've been using a solution devised by a friend and mentor of mine.

    KeePass 2.0 file, encrypted with a passphrase that has some meaning to me
    The file is stored on Dropbox.
    The dropbox login is stored in the password safe.

    I use it at work, at home, on my phone... it does lead to some inconvenience, but so far it seems to work well. In my friend's case, he also has a hard-copy stored in a safety deposit box in case something ever happened to him and his family needed access.

    Official member of the Grilling Gentry
    "Brevity is the soul of getting your shit read." - Tube
    Rarely-updated Collecting blog
    He/Him
  • CelestialBadgerCelestialBadger Registered User regular
    You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.

    TetraNitroCubane
  • KamarKamar Registered User regular
    You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.

    Yeah, but good personal security means that Yahoo getting hacked doesn't immediately compromise every other account you have.

    discrider
  • CelestialBadgerCelestialBadger Registered User regular
    Kamar wrote: »
    You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.

    Yeah, but good personal security means that Yahoo getting hacked doesn't immediately compromise every other account you have.

    Just use a different password for each site.

  • MorganVMorganV Registered User regular
    Kamar wrote: »
    You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.

    Yeah, but good personal security means that Yahoo getting hacked doesn't immediately compromise every other account you have.

    Just use a different password for each site.

    But how will I remember it if it's not 12345?

    WhiteZinfandelCelestialBadgerElvenshaeXaquinRchanenMild ConfusionZonugalShadowfireDark Raven XdiscriderToxMegaMekStabbity StyleMoridin889Kristmas KthulhuMagellMrVyngaardHacksaw
  • CelestialBadgerCelestialBadger Registered User regular
    A fun thing is to google your trash passwords and see who's got them.

  • TNTrooperTNTrooper Registered User regular
    Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.

    steam_sig.png
  • WiseManTobesWiseManTobes Registered User regular
    make your passwords a spree of swear words so that the more you forget it the more likely you are to accidentally say it and remind yourself!

    Steam! Battlenet:Wisemantobes#1508
    ElvenshaekimeTNTrooperHonkTox38thDoeButtersMan in the MistsMoridin889wanderingKristmas KthulhuShadowfireGennenalyse RuebenRchanenhonovereMrVyngaardHacksawTicaldfjam
  • ForarForar #432 Toronto, Ontario, CanadaRegistered User regular
    make your passwords a spree of swear words so that the more you forget it the more likely you are to accidentally say it and remind yourself!

    ... I have legit started doing this with a couple of sites that I seem inexplicably incapable of getting the correct login for.

    It's cathartic when it works, and highly baffling when I forget that I've done it, and it still works.

    First they came for the Muslims, and we said NOT TODAY, MOTHERFUCKER!
    Brovid Hasselsmof
  • EchoEcho Moderator mod
    A fun thing is to google your trash passwords and see who's got them.

    Or just check your spam folder to see if you get some porn blackmail spam with your leaked passwords in the subject.

    https://haveibeenpwned.com/

    Echo wrote: »
    Let they who have not posted about their balls in the wrong thread cast the first stone.
    redxElldrenMrVyngaard
  • Jebus314Jebus314 Registered User regular
    edited September 3
    TNTrooper wrote: »
    Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.

    This seems like you will get 100% positive testing that your password is compromised. Because even if it wasn't before, after you typed it into some random app, that is specifically aware of black market password databases, and told it specifically that this is a password you use, it's definitely compromised now.

    Jebus314 on
    "The world is a mess, and I just need to rule it" - Dr Horrible
    destroyah87SleepFencingsaxKayne Red RobeElvenshaeStabbity StyleKristmas KthulhuMegaMekMvrckMild ConfusionTetraNitroCubanekimeHefflingGnome-InterruptusRhesus PositiveMagellDisruptedCapitalistCouscousElldrenshrykeMoridin889Dark Raven Xdurandal4532Man in the MistsMrVyngaardMonwynLovelyMartini_PhilosopherHacksawDee KaeTicaldfjam
  • redxredx I(x)=2(x)+1 whole numbersRegistered User regular
    edited September 3
    Jebus314 wrote: »
    TNTrooper wrote: »
    Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.

    This seems like you will get 100% positive testing that your password is compromised. Because even if it wasn't before, after you typed it into some random app, that is specifically aware of black market password databases, and told it specifically that this is a password you use, it's definitely compromised now.

    it might be using a good password hashing algorithm, those are kinda, like somewhat, expensive to make rainbow tables for.

    It's also published by Google, who lot's of folks allowed to do stuff like store and sync actual passwords. Shrug.


    I would not use it.

    redx on
    This machine kills threads.
    TetraNitroCubane
  • discriderdiscrider Registered User regular
    edited September 3
    Jebus314 wrote: »
    TNTrooper wrote: »
    Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.

    This seems like you will get 100% positive testing that your password is compromised. Because even if it wasn't before, after you typed it into some random app, that is specifically aware of black market password databases, and told it specifically that this is a password you use, it's definitely compromised now.

    Nah.
    If it's any good, it would just check your password hash against the list of password hashes on the online database.
    I believe that's what haveibeenpwned does (not that you should submit a password to a website, but that also have a list of password hashes you can download to compare offline).
    And that should be reasonably secure.

    Or it just stores rockyou.txt locally and compares it.
    But that's not exactly rigorous.

    discrider on
    Steam Community page: http://steamcommunity.com/id/discrider/
    Oh hey! A knife!
  • discriderdiscrider Registered User regular
    Like, ideally account creation and new password forms would do the same thing, and force users to pick a password that isn't in a Pastebin password list somewhere by comparing hashes.

    Steam Community page: http://steamcommunity.com/id/discrider/
    Oh hey! A knife!
  • lunchbox12682lunchbox12682 MinnesotaRegistered User regular
    discrider wrote: »
    Like, ideally account creation and new password forms would do the same thing, and force users to pick a password that isn't in a Pastebin password list somewhere by comparing hashes.

    This and overly strict password requirements always struck as a way to long-term simplify password brute force. You're decreasing the number of valid passwords.

    DoodmannElldrenElvenshaeMoridin889Gnome-InterruptusLovelyHeffling
  • redxredx I(x)=2(x)+1 whole numbersRegistered User regular
    edited September 3
    discrider wrote: »
    Like, ideally account creation and new password forms would do the same thing, and force users to pick a password that isn't in a Pastebin password list somewhere by comparing hashes.

    This and overly strict password requirements always struck as a way to long-term simplify password brute force. You're decreasing the number of valid passwords.

    Use long alphanumeric passwords with special characters, which don't use common patterns doesn't really do that. Like, yeah, you eliminate all the 1-13 character passwords, by forcing the user to select from a set of passwords that is 40 times larger than all of those put together. You let them use common patterns to fight against dictionary attacks, which are thousands of times faster than brute forcing.

    what these things do is make it harder for users to select easily memorable passwords, so they end up reusing good passwords sometimes with small modifications, and when those get compromised the result is significantly worse.


    edit: unless you're talking about "you can't use character !@%#^&; </'" or whatever, which is normally caused by incompetent programing.

    redx on
    This machine kills threads.
    durandal4532
  • CelestialBadgerCelestialBadger Registered User regular
    Does anyone actually use dictionary attacks? Every time I've been hacked it's been because something like Yahoo loses all their passwords.

    Of course, I don't use dictionary words for my passwords, but I don't use gore'hgor'hgo!!horse%

    Heffling
  • PolaritiePolaritie Sleepy Registered User regular
    Does anyone actually use dictionary attacks? Every time I've been hacked it's been because something like Yahoo loses all their passwords.

    Of course, I don't use dictionary words for my passwords, but I don't use gore'hgor'hgo!!horse%

    They're mainly useful when someone loses a database of hashed passwords. But social engineering and such is easier.

    Steam: Polaritie
    3DS: 0473-8507-2652
    Switch: SW-5185-4991-5118
    PSN: AbEntropy
  • DarkPrimusDarkPrimus premium Registered User regular
    If Nite Team 4 has taught me anything, it's that with enough details known about a target, running the dictionary attack is only going to take a couple minutes at most so you might as well attempt it before going the social engineering route.

    dt3GeqU.png
    Gamertag: PrimusD | Rock Band DLC | GW:OttW - arrcd | WLD - Thortar
  • ArbitraryDescriptorArbitraryDescriptor Registered User regular
    edited September 4
    DarkPrimus wrote: »
    If Nite Team 4 has taught me anything, it's that with enough details known about a target, running the dictionary attack is only going to take a couple minutes at most so you might as well attempt it before going the social engineering route.
    That's why all my passwords are

    "Repetitive strain injury is the longest word in the dictionary, but would someone use it in a dictionary attack? I doubt it. This is my [account] password, btw"

    It's tough on the thumbs, but it's worth it.

    ArbitraryDescriptor on
    Elvenshaedurandal4532Man in the MistsMrVyngaardGnome-InterruptusForarHefflingArch
  • redxredx I(x)=2(x)+1 whole numbersRegistered User regular
    Does anyone actually use dictionary attacks? Every time I've been hacked it's been because something like Yahoo loses all their passwords.

    Of course, I don't use dictionary words for my passwords, but I don't use gore'hgor'hgo!!horse%

    So yahoo gets their passwords stolen in the form of hashes. They get cracked using a variety of different attacks, normally starting with lists of common passwords, then lists of leaked passwords, then hybrid dictionary attacks(like automatically trying p4$$w0rd!), and lastly brute force.

    most places will notice if you try to actually authenticate with even tens of different passwords.

    This machine kills threads.
  • DisruptedCapitalistDisruptedCapitalist rugged, weathered Registered User regular
    "Most"

  • TetraNitroCubaneTetraNitroCubane Registered User regular
    I realize this is the Twitter thread, but this Facebook news is extremely close to similar behavior we've seen out of Twitter (and we don't have a general social media thread)*.

    But basically, Politicians are allowed to violate the rules and guidelines of the site, including being exempt from fact-checking and hate speech rules.
    Facebook this week finally put into writing what users—especially politically powerful users—have known for years: its community "standards" do not, in fact, apply across the whole community. Speech from politicians is officially exempt from the platform's fact checking and decency standards, the company has clarified, with a few exceptions.

    ...

    Clegg's update says that Facebook by default "will treat speech from politicians as newsworthy content that should, as a general rule, be seen and heard." Nor will it be subject to fact-checking, as the company does not believe that it is appropriate for it to "referee political debates" or prevent a polician's speech from both reaching its intended audience and "being subject to public debate and scrutiny."

    This is essential what Twitter does, and what Facebook has been doing, forever.

    Anything to keep those clicks coming.

    *(If this is the wrong place for this, I will be happy to redact this post)

    VuIBhrs.png
    Martini_PhilosopherStabbity StyleDarkPrimusFencingsaxdispatch.oKristmas KthulhuMan in the MistsHefflingLord_AsmodeusMegaMekJaysonFour
  • shrykeshryke Member of the Beast Registered User regular
    Given conservative politics, it's either that or you have to pick a fight with the Right. There are no other options.

    Silicon Valley, of course, always chooses the easy and cowardly answer.

    Kristmas KthulhuGnome-InterruptusTetraNitroCubaneKamarMan in the MistsQuidArbitraryDescriptorAngelHedgieZonugalFencingsaxLord_AsmodeusHacksawBigJoeMTicaldfjamMegaMekJaysonFour
  • TryCatcherTryCatcher Registered User regular
    The Joker Movie Twitter account learns why you shouldn't automate tagging to random Twitter accounts. (Warning: Racial slurs).

  • AngelHedgieAngelHedgie Registered User regular
    edited October 2
    Senator Kamala Harris has asked Jack Dorsey to consider suspending Trump:
    Democratic presidential hopeful Kamala Harris called on Twitter's CEO on Tuesday to consider suspending President Donald Trump's account, saying his tweets violate the site's anti-bullying policy.

    In a letter to Twitter's Jack Dorsey, the senator from California pointed to a series of tweets from the president referring to the whistleblower who filed a complaint about Trump's July 25 call with the president of Ukraine. Harris said Trump's tweets were an attempt to "target, harass" and "out" the whistleblower.

    Harris also pointed to Trump's tweet that "a Civil War" could break out if Democrats successfully remove the president from office. She said the tweet suggests "that violence could be incited should Congress issue formal articles of impeachment against him."

    AngelHedgie on
    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
    ElvenshaeJaysonFour
  • ZekZek Registered User regular
    I think the position of Twitter/Facebook/etc on these things has been made pretty clear - politicians are quite literally allowed to break the rules, purportedly because it's important for the public to see that they broke the rules. It'll take more than a little political pressure to make them change their minds on that.

    TryCatcherGnome-InterruptusSleepdestroyah87Emerlmaster999LovelyKristmas KthulhuTetraNitroCubaneElvenshaeDarkPrimusZonugalLord_AsmodeustynicJaysonFourHacksaw
  • CelestialBadgerCelestialBadger Registered User regular
    Zek wrote: »
    I think the position of Twitter/Facebook/etc on these things has been made pretty clear - politicians are quite literally allowed to break the rules, purportedly because it's important for the public to see that they broke the rules. It'll take more than a little political pressure to make them change their minds on that.

    Does that count for people like the Grand Wizard of the Ku Klux Klan? That's a political position, too. Or the head of ISIS.

  • MortiousMortious The Nightmare Begins Move to New ZealandRegistered User regular
    Zek wrote: »
    I think the position of Twitter/Facebook/etc on these things has been made pretty clear - politicians are quite literally allowed to break the rules, purportedly because it's important for the public to see that they broke the rules. It'll take more than a little political pressure to make them change their minds on that.

    Does that count for people like the Grand Wizard of the Ku Klux Klan? That's a political position, too. Or the head of ISIS.

    First one yes, second one no. We've seen more than enough examples on how Twitter enforces their rules.

    Move to New Zealand
    It’s not a very important country most of the time
    http://steamcommunity.com/id/mortious
    MorganVKristmas KthulhuMan in the Mists
Sign In or Register to comment.