As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

Twitter Continues To Have A [Twitter] Problem

17980828485102

Posts

  • JazzJazz Registered User regular
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    It used to be, I used it in the days before I had a smartphone or data plan. I doubt it's nearly as common now but it wouldn't surprise me that it's still a thing.

  • KetBraKetBra Dressed Ridiculously Registered User regular
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    That was like the original way twitter was done

    KGMvDLc.jpg?1
  • JazzJazz Registered User regular
    KetBra wrote: »
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    That was like the original way twitter was done

    It's literally why they had the 140 character limit, too.

  • AthenorAthenor Battle Hardened Optimist The Skies of HiigaraRegistered User regular
    Ah, makes sense. I think I ignored twitter until like 2011-2012 or so.

    He/Him | "A boat is always safest in the harbor, but that’s not why we build boats." | "If you run, you gain one. If you move forward, you gain two." - Suletta Mercury, G-Witch
  • DevoutlyApatheticDevoutlyApathetic Registered User regular
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    It was the original technical reason for Twitter and the source of the character limits and stuff. Back in the dark ages before every phone always had an internet connection it made sense.

    Nod. Get treat. PSN: Quippish
  • DarkPrimusDarkPrimus Registered User regular
    send tweet

  • HacksawHacksaw J. Duggan Esq. Wrestler at LawRegistered User regular
    Athenor wrote: »
    I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?

    Back when I Twittered, I used to tweet via SMS because I didn't have a smartphone. It was definitely A Thing for a little while.

  • CelestialBadgerCelestialBadger Registered User regular
    edited September 2019
    Ooops

    CelestialBadger on
  • syndalissyndalis Getting Classy On the WallRegistered User, Loves Apple Products regular
    There was a fantastic episode of Reply All called the snapchat thief where they went over how attacks like this happen and just how common they are.

    https://gimletmedia.com/shows/reply-all/v4he6k/130-the-snapchat-thief

    SIM swapping is apparently ludicrously easy to do and one of the primary reasons you are better off using a password manager and a 2 factor app that uses decaying tokens instead of SMS for verification.

    SW-4158-3990-6116
    Let's play Mario Kart or something...
  • davidsdurionsdavidsdurions Your Trusty Meatshield Panhandle NebraskaRegistered User regular
    I’ve had repeated struggles with authentication apps where when I change devices I have to basically redo everything and nothing I do seems to allow me to transfer information over. It is extremely frustrating when you have a near endless amount of accounts you want to keep as secure as possible but the methods to do that are understandably difficult to set up repeatedly.

  • 21stCentury21stCentury Call me Pixel, or Pix for short! [They/Them]Registered User regular
    edited September 2019
    EDIT: Wrong tab and it took me way too long to catch that. sorry. :(

    21stCentury on
  • AthenorAthenor Battle Hardened Optimist The Skies of HiigaraRegistered User regular
    I’ve had repeated struggles with authentication apps where when I change devices I have to basically redo everything and nothing I do seems to allow me to transfer information over. It is extremely frustrating when you have a near endless amount of accounts you want to keep as secure as possible but the methods to do that are understandably difficult to set up repeatedly.

    Ever since my Xbox Live account got hacked in 2011-2012, I've been using a solution devised by a friend and mentor of mine.

    KeePass 2.0 file, encrypted with a passphrase that has some meaning to me
    The file is stored on Dropbox.
    The dropbox login is stored in the password safe.

    I use it at work, at home, on my phone... it does lead to some inconvenience, but so far it seems to work well. In my friend's case, he also has a hard-copy stored in a safety deposit box in case something ever happened to him and his family needed access.

    He/Him | "A boat is always safest in the harbor, but that’s not why we build boats." | "If you run, you gain one. If you move forward, you gain two." - Suletta Mercury, G-Witch
  • CelestialBadgerCelestialBadger Registered User regular
    You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.

  • KamarKamar Registered User regular
    You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.

    Yeah, but good personal security means that Yahoo getting hacked doesn't immediately compromise every other account you have.

  • CelestialBadgerCelestialBadger Registered User regular
    Kamar wrote: »
    You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.

    Yeah, but good personal security means that Yahoo getting hacked doesn't immediately compromise every other account you have.

    Just use a different password for each site.

  • MorganVMorganV Registered User regular
    Kamar wrote: »
    You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.

    Yeah, but good personal security means that Yahoo getting hacked doesn't immediately compromise every other account you have.

    Just use a different password for each site.

    But how will I remember it if it's not 12345?

  • CelestialBadgerCelestialBadger Registered User regular
    A fun thing is to google your trash passwords and see who's got them.

  • TNTrooperTNTrooper Registered User regular
    Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.

    steam_sig.png
  • WiseManTobesWiseManTobes Registered User regular
    make your passwords a spree of swear words so that the more you forget it the more likely you are to accidentally say it and remind yourself!

    Steam! Battlenet:Wisemantobes#1508
  • ForarForar #432 Toronto, Ontario, CanadaRegistered User regular
    make your passwords a spree of swear words so that the more you forget it the more likely you are to accidentally say it and remind yourself!

    ... I have legit started doing this with a couple of sites that I seem inexplicably incapable of getting the correct login for.

    It's cathartic when it works, and highly baffling when I forget that I've done it, and it still works.

    First they came for the Muslims, and we said NOT TODAY, MOTHERFUCKER!
  • EchoEcho ski-bap ba-dapModerator mod
    A fun thing is to google your trash passwords and see who's got them.

    Or just check your spam folder to see if you get some porn blackmail spam with your leaked passwords in the subject.

    https://haveibeenpwned.com/

  • Jebus314Jebus314 Registered User regular
    edited September 2019
    TNTrooper wrote: »
    Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.

    This seems like you will get 100% positive testing that your password is compromised. Because even if it wasn't before, after you typed it into some random app, that is specifically aware of black market password databases, and told it specifically that this is a password you use, it's definitely compromised now.

    Jebus314 on
    "The world is a mess, and I just need to rule it" - Dr Horrible
  • redxredx I(x)=2(x)+1 whole numbersRegistered User regular
    edited September 2019
    Jebus314 wrote: »
    TNTrooper wrote: »
    Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.

    This seems like you will get 100% positive testing that your password is compromised. Because even if it wasn't before, after you typed it into some random app, that is specifically aware of black market password databases, and told it specifically that this is a password you use, it's definitely compromised now.

    it might be using a good password hashing algorithm, those are kinda, like somewhat, expensive to make rainbow tables for.

    It's also published by Google, who lot's of folks allowed to do stuff like store and sync actual passwords. Shrug.


    I would not use it.

    redx on
    They moistly come out at night, moistly.
  • discriderdiscrider Registered User regular
    edited September 2019
    Jebus314 wrote: »
    TNTrooper wrote: »
    Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.

    This seems like you will get 100% positive testing that your password is compromised. Because even if it wasn't before, after you typed it into some random app, that is specifically aware of black market password databases, and told it specifically that this is a password you use, it's definitely compromised now.

    Nah.
    If it's any good, it would just check your password hash against the list of password hashes on the online database.
    I believe that's what haveibeenpwned does (not that you should submit a password to a website, but that also have a list of password hashes you can download to compare offline).
    And that should be reasonably secure.

    Or it just stores rockyou.txt locally and compares it.
    But that's not exactly rigorous.

    discrider on
  • discriderdiscrider Registered User regular
    Like, ideally account creation and new password forms would do the same thing, and force users to pick a password that isn't in a Pastebin password list somewhere by comparing hashes.

  • lunchbox12682lunchbox12682 MinnesotaRegistered User regular
    discrider wrote: »
    Like, ideally account creation and new password forms would do the same thing, and force users to pick a password that isn't in a Pastebin password list somewhere by comparing hashes.

    This and overly strict password requirements always struck as a way to long-term simplify password brute force. You're decreasing the number of valid passwords.

  • redxredx I(x)=2(x)+1 whole numbersRegistered User regular
    edited September 2019
    discrider wrote: »
    Like, ideally account creation and new password forms would do the same thing, and force users to pick a password that isn't in a Pastebin password list somewhere by comparing hashes.

    This and overly strict password requirements always struck as a way to long-term simplify password brute force. You're decreasing the number of valid passwords.

    Use long alphanumeric passwords with special characters, which don't use common patterns doesn't really do that. Like, yeah, you eliminate all the 1-13 character passwords, by forcing the user to select from a set of passwords that is 40 times larger than all of those put together. You let them use common patterns to fight against dictionary attacks, which are thousands of times faster than brute forcing.

    what these things do is make it harder for users to select easily memorable passwords, so they end up reusing good passwords sometimes with small modifications, and when those get compromised the result is significantly worse.


    edit: unless you're talking about "you can't use character !@%#^&amp; </'" or whatever, which is normally caused by incompetent programing.

    redx on
    They moistly come out at night, moistly.
  • CelestialBadgerCelestialBadger Registered User regular
    Does anyone actually use dictionary attacks? Every time I've been hacked it's been because something like Yahoo loses all their passwords.

    Of course, I don't use dictionary words for my passwords, but I don't use gore'hgor'hgo!!horse%

  • PolaritiePolaritie Sleepy Registered User regular
    Does anyone actually use dictionary attacks? Every time I've been hacked it's been because something like Yahoo loses all their passwords.

    Of course, I don't use dictionary words for my passwords, but I don't use gore'hgor'hgo!!horse%

    They're mainly useful when someone loses a database of hashed passwords. But social engineering and such is easier.

    Steam: Polaritie
    3DS: 0473-8507-2652
    Switch: SW-5185-4991-5118
    PSN: AbEntropy
  • DarkPrimusDarkPrimus Registered User regular
    If Nite Team 4 has taught me anything, it's that with enough details known about a target, running the dictionary attack is only going to take a couple minutes at most so you might as well attempt it before going the social engineering route.

  • ArbitraryDescriptorArbitraryDescriptor changed Registered User regular
    edited September 2019
    DarkPrimus wrote: »
    If Nite Team 4 has taught me anything, it's that with enough details known about a target, running the dictionary attack is only going to take a couple minutes at most so you might as well attempt it before going the social engineering route.
    That's why all my passwords are

    "Repetitive strain injury is the longest word in the dictionary, but would someone use it in a dictionary attack? I doubt it. This is my [account] password, btw"

    It's tough on the thumbs, but it's worth it.

    ArbitraryDescriptor on
  • redxredx I(x)=2(x)+1 whole numbersRegistered User regular
    Does anyone actually use dictionary attacks? Every time I've been hacked it's been because something like Yahoo loses all their passwords.

    Of course, I don't use dictionary words for my passwords, but I don't use gore'hgor'hgo!!horse%

    So yahoo gets their passwords stolen in the form of hashes. They get cracked using a variety of different attacks, normally starting with lists of common passwords, then lists of leaked passwords, then hybrid dictionary attacks(like automatically trying p4$$w0rd!), and lastly brute force.

    most places will notice if you try to actually authenticate with even tens of different passwords.

    They moistly come out at night, moistly.
  • DisruptedCapitalistDisruptedCapitalist I swear! Registered User regular
    "Most"

    "Simple, real stupidity beats artificial intelligence every time." -Mustrum Ridcully in Terry Pratchett's Hogfather p. 142 (HarperPrism 1996)
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    I realize this is the Twitter thread, but this Facebook news is extremely close to similar behavior we've seen out of Twitter (and we don't have a general social media thread)*.

    But basically, Politicians are allowed to violate the rules and guidelines of the site, including being exempt from fact-checking and hate speech rules.
    Facebook this week finally put into writing what users—especially politically powerful users—have known for years: its community "standards" do not, in fact, apply across the whole community. Speech from politicians is officially exempt from the platform's fact checking and decency standards, the company has clarified, with a few exceptions.

    ...

    Clegg's update says that Facebook by default "will treat speech from politicians as newsworthy content that should, as a general rule, be seen and heard." Nor will it be subject to fact-checking, as the company does not believe that it is appropriate for it to "referee political debates" or prevent a polician's speech from both reaching its intended audience and "being subject to public debate and scrutiny."

    This is essential what Twitter does, and what Facebook has been doing, forever.

    Anything to keep those clicks coming.

    *(If this is the wrong place for this, I will be happy to redact this post)

    VuIBhrs.png
  • shrykeshryke Member of the Beast Registered User regular
    Given conservative politics, it's either that or you have to pick a fight with the Right. There are no other options.

    Silicon Valley, of course, always chooses the easy and cowardly answer.

  • TryCatcherTryCatcher Registered User regular
    The Joker Movie Twitter account learns why you shouldn't automate tagging to random Twitter accounts. (Warning: Racial slurs).

  • AngelHedgieAngelHedgie Registered User regular
    edited October 2019
    Senator Kamala Harris has asked Jack Dorsey to consider suspending Trump:
    Democratic presidential hopeful Kamala Harris called on Twitter's CEO on Tuesday to consider suspending President Donald Trump's account, saying his tweets violate the site's anti-bullying policy.

    In a letter to Twitter's Jack Dorsey, the senator from California pointed to a series of tweets from the president referring to the whistleblower who filed a complaint about Trump's July 25 call with the president of Ukraine. Harris said Trump's tweets were an attempt to "target, harass" and "out" the whistleblower.

    Harris also pointed to Trump's tweet that "a Civil War" could break out if Democrats successfully remove the president from office. She said the tweet suggests "that violence could be incited should Congress issue formal articles of impeachment against him."

    AngelHedgie on
    XBL: Nox Aeternum / PSN: NoxAeternum / NN:NoxAeternum / Steam: noxaeternum
  • ZekZek Registered User regular
    I think the position of Twitter/Facebook/etc on these things has been made pretty clear - politicians are quite literally allowed to break the rules, purportedly because it's important for the public to see that they broke the rules. It'll take more than a little political pressure to make them change their minds on that.

  • CelestialBadgerCelestialBadger Registered User regular
    Zek wrote: »
    I think the position of Twitter/Facebook/etc on these things has been made pretty clear - politicians are quite literally allowed to break the rules, purportedly because it's important for the public to see that they broke the rules. It'll take more than a little political pressure to make them change their minds on that.

    Does that count for people like the Grand Wizard of the Ku Klux Klan? That's a political position, too. Or the head of ISIS.

  • MortiousMortious The Nightmare Begins Move to New ZealandRegistered User regular
    Zek wrote: »
    I think the position of Twitter/Facebook/etc on these things has been made pretty clear - politicians are quite literally allowed to break the rules, purportedly because it's important for the public to see that they broke the rules. It'll take more than a little political pressure to make them change their minds on that.

    Does that count for people like the Grand Wizard of the Ku Klux Klan? That's a political position, too. Or the head of ISIS.

    First one yes, second one no. We've seen more than enough examples on how Twitter enforces their rules.

    Move to New Zealand
    It’s not a very important country most of the time
    http://steamcommunity.com/id/mortious
This discussion has been closed.