Obama's Twitter Account "Hacked"
Oxford_Comma_Lover writes "A 24-year-old living with his mother in France was arrested for 'hacking' into Obama's twitter accounts. (Warning: WSJ does obnoxious paywall things. Your miles may vary.) Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people; he has no computer science training or financial motive. He posted screenshots to a few boards and twitter found out within a few hours, either from a tip or from noticing when someone from France logs onto twitter as the President of the United States. (He did not actually tweet as POTUS, but just wanted to show he could break into the account.)"
He shouldn't be arrested (Score:5, Insightful)
Apparently he guesses the answer to a question related to password recovery in order to break into the accounts of famous people
If that's all it takes then the system is broken, not the people abusing it.
Re:He shouldn't be arrested (Score:5, Insightful)
The "Security question" system in itself is the weak point in most security situations.
Mother's Maiden name?
Pet's first name?
Favourite Band?
How long do you think it would take to brute force any of those with a simple script? There's no point in making sure your passwords are really strong if your security question can be as weak as a noodle.
Re:He shouldn't be arrested (Score:5, Funny)
Mix metaphors thoroughly, serve confused.
Re: (Score:3, Funny)
In front of me, asleep, is a nasty dragon who needs a good beheading. As I raise my broadsword to deal the death blow, the back edge of the blade slices into the arm of my pal Eddie, who squeals, and the dragon wakes & flies away. This really pisses me off, so I put some salt on the wound to make him keep squealing, then I tell him how fat & easy his mom is. Fucking Eddie. I guess I should have used the katana.
Re:He shouldn't be arrested (Score:4, Interesting)
Who says the answer has to be 'right'?
For example every website that wants "Mother's Maiden Name" gets a sha1(md5($maidenname)). Technically accurate but no one is going to 'guess' it.
Same goes for all other questions. It doesn't even have to be as complex as a hash. Just do a simple reverse or Rot13.
Last name: Smith.
Reversed: htimS.
Rot 13: ugvzF.
Now the last name is technically accurate, even if it is permuted.
Re: (Score:2)
Yes, which is why my “security” questions all have correct answers that look like gibberish.
But most people just put the answers.
Re:He shouldn't be arrested (Score:4, Informative)
Apparently Twitter doesn’t have secret questions at all. You can have a password reset request sent to the registered e-mail address.
TFA is rather misleading, because what actually happened was the guy broke into a Twitter employee’s Yahoo account (hello Palin! do we never learn?) and then used that Yahoo account to find other information that he shouldn’t have. — according to this article [wsj.com].
Re:too obvious.. (Score:5, Funny)
Why even include anything that relates to your mothers name? Why even give attackers that much? Just provide a 30 character string of random characters.
Yo, I heard you like passwords, so we're going to protect your password with another password.
Re:too obvious.. (Score:5, Funny)
Suuuure she was. Pretty damn 'lively' from '07-'09 if you consult the outhouse walls.
Re: (Score:2)
Who says the answer has to be 'right'?
Your memory.
If you can remember all that, you can remember your password.
On the other hand, if you use the same obfuscation on multiple web sites, then you are protected from the general population, but not from someone who can get ahold of your secret answers from several sites. Rot13 isn't too hard to figure out. Then they can log into all the sites that you've protected this way.
Secret Question/Answer is not a good way to secure a system.
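The permuted-answer idea from earlier in the thread and the reuse weakness raised in the comment above, worked through as an added example (not code from any poster or from Twitter). The site names, the key and the HMAC-based per-site variant are assumptions introduced here for illustration; the random 30-character answer is the option suggested elsewhere in the thread.

```python
import codecs
import hashlib
import hmac
import secrets
import string

# Constructed sample data: the thread's example surname and two hypothetical sites.
TRUE_ANSWER = "Smith"
SITES = ["site-a.example", "site-b.example"]


def reversed_rot13(answer: str) -> str:
    """The thread's permutation: reverse the name, then ROT13 the result."""
    return codecs.encode(answer[::-1], "rot13")


def sha1_of_md5(answer: str) -> str:
    """PHP-style sha1(md5($x)): SHA-1 over the hex string of the MD5 digest."""
    inner = hashlib.md5(answer.encode()).hexdigest()
    return hashlib.sha1(inner.encode()).hexdigest()


def undo_reversed_rot13(stored: str) -> str:
    """ROT13 and reversal are self-inverse, so a leaked answer reveals the name."""
    return codecs.decode(stored, "rot13")[::-1]


def per_site_keyed(answer_key: bytes, site: str, question: str) -> str:
    """Assumed alternative: HMAC-SHA256 under a private key, bound to the site
    and question, so an answer leaked by one site is useless on another."""
    msg = f"{site}\x00{question}".encode()
    return hmac.new(answer_key, msg, hashlib.sha256).hexdigest()[:30]


def random_answer(length: int = 30) -> str:
    """A random answer with no relation to the question; must be stored
    somewhere safe, exactly like a second password."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def answers_by_site(scheme) -> dict:
    """Apply a scheme (a callable taking the site name) to every sample site."""
    return {site: scheme(site) for site in SITES}


def is_reused(answers: dict) -> bool:
    """True when at least two sites end up holding the same answer."""
    return len(set(answers.values())) < len(answers)


if __name__ == "__main__":
    question = "Mother's maiden name?"
    key = secrets.token_bytes(32)  # constructed key; kept private by the user

    unkeyed = answers_by_site(lambda site: sha1_of_md5(TRUE_ANSWER))
    keyed = answers_by_site(lambda site: per_site_keyed(key, site, question))

    print("permuted answer:        ", reversed_rot13(TRUE_ANSWER))
    print("recovered from a leak:  ", undo_reversed_rot13(reversed_rot13(TRUE_ANSWER)))
    print("unkeyed hash reused:    ", is_reused(unkeyed))
    print("keyed per-site reused:  ", is_reused(keyed))
    print("random answer:          ", random_answer())
```

The unkeyed transforms contain no secret beyond the real answer, so they hold up only against someone typing guesses into the form, not against a leak or anyone who knows the scheme.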
Re: (Score:2)
Nuclear launch code?
12345
What?! I have the same code on my luggage!
Re: (Score:2, Insightful)
Flamebait?
Personally I hate security questions. The suggestions are always obvious things where most you need to know is the person that owns the account.
The only safe thing is to not put an actual answer as the answer.
Re: (Score:3, Insightful)
Well, when the system forces it upon you, you sometimes have no choice.
To me, it's the equivalent of needing 2 passwords instead of one, and I never fill out my security questions with anything but random data. It's truly a PoS security wise. I even hate it more when you can't type up your own question.
I wonder if facebook has "Your highschool?" or something equally stupid as a security question, when you'r
Re: (Score:2)
The ones that let you create the question are much better.
Re:He shouldn't be arrested (Score:5, Insightful)
If that's all it takes then the system is broken, not the people abusing it.
Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me. Jeez, I mean, what do you expect a criminal to do? Hey, btw -- what kind of slashdot poster are you, I didn't find any ramen to eat while you were out running errands either. I really wanted to have a snack after cleaning the place out. Ungrateful jerk...
Re: (Score:3, Insightful)
Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.
However, not using a security question, or using one that is as difficult to guess (Symbols, upper lower case, etc) - is like locking the doors. It will deter most criminals.
If someone SERIOUSLY wanted to hack into Obama's Twitter and cause a ruckus, they would, and I would sympathize for the Prez. But when some dude in France is pulling it off to show off his
Re:He shouldn't be arrested (Score:5, Insightful)
Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.
You know, bathroom locks in most homes and apartments can be opened with a straightened paper clip. There's a reason for this: You can't accidentally open the door, but if there's an emergency (say someone has a fall, or locks themselves in to overdose on pills) the door can be easily opened.
Pointing out the flaws of the security system doesn't relieve the person overriding it of their ethical responsibilities to their fellow human beings. Most security exists merely to satisfy the restraint that breaking it isn't accidental, because strong security can impede a variety of legitimate activities. As one example, my cousin lives with roommates who steal her pills, so she had a lock placed on her bedroom door. However, she needed me to get into the room while she was away to get some paperwork. So I fashioned a simple lock pick and gained entry (with the owner's permission). The average person would be unable to do this, but as a security expert, I can. However, I did not do so without permission, because that would be a violation of privacy, however trivial it was for me to actually open the door (about 5 seconds).
Re: (Score:3, Insightful)
Having a security question that is easily guessable is like leaving your car door unlocked. I wouldn't be surprised if it got stolen. Simple as that.
Not being surprised isn't what you said. You said the guy shouldn't be arrested. Effectively, the parallel is that if someone DID leave their door unlocked, and someone came in and stole their stuff, then that person shouldn't be arrested either.
No matter how weak your security is, if someone trespasses, steals, or otherwise breaks into a computer or a house, then they need to be punished. Claiming that the security was so weak that it wasn't much trouble for you simply isn't an adequate defense.
Re: (Score:3, Insightful)
He didn’t “steal stuff”, he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.
Re: (Score:3, Insightful)
It's still trespass.
Seriously, what would you do if your neighbor picked your lock, took pictures of your house and then left?
Had you left your door open, then your point would be valid.
Re: (Score:2, Insightful)
He didn't "steal stuff", he came in, looked around, disturbed nothing, but took photographs to prove he was there and then published them to let everyone know how easy it was to get in.
Which is still trespass, and he posted the evidence of his crime publicly. Idiot. If you want to demonstrate the ease of breaking security, then educate people responsibly and ethically. This person did neither.
Re: (Score:2)
No. Even having one is like having your doors locked. No door lock prevents criminals from stealing your car; it only expresses your intent that only authorized people should be allowed to enter.
Then that analogy explodes.
Having a password at all indicates that the intent is that no one else should go in.
I don't care if your password is password.
Re: (Score:2)
Although blaming the victim is never politically correct, realistically they generally do share some of the blame. If I leave my bike sitting on the sidewalk of any major city and fail to lock it to anything, do you really think it's not my fault at all when it gets stolen?
Re: (Score:2)
Ideally, It wouldn't be your fault at all.
Realistically, you should know better.
So it really depends on your POV... are you an insurance company trying to avoid paying a claim? or are you an Idealist trying to get justice?
Re: (Score:2, Insightful)
What victim? It says he didn't even make any posts. This seems more like opening the unlocked front door of your house, saying "yep it's open" and then leaving without taking anything.
That's still trespass in the real world. It's reasonable to expect that the residence was occupied and the owner could have been located prior to gaining entry, same as having 'no trespassing' signs posted. There may be no security present to stop you, but that's not a valid argument for entering the premises.
Re: (Score:2)
Yes, blame the victim. You didn't install triple deadbolts on your door. It's not my fault all your stuff got fenced by me. Jeez, I mean, what do you expect a criminal to do? Hey, btw -- what kind of slashdot poster are you, I didn't find any ramen to eat while you were out running errands either. I really wanted to have a snack after cleaning the place out. Ungrateful jerk...
It is not like "Blaming the Victim" means you do not blame the perp. Just because the criminal is wrong does not mean that you have to ignore the stupidity of the victim if it exists. I really have a problem with people who just post crap with no thought put in whatsoever.
Re: (Score:2)
WHAT lock?
I walked by your door, and it turns out you hung a PHOTOGRAPH of a lock and there was no security.
That's like leaving a shoebox of money on the sidewalk with a note "please do not take or open".
Your metaphor alleges direct physical access and brute force. Think before you post.
Re: (Score:3, Insightful)
No, he's right in this case.
If he had twittered something, then it'd be different - but this is about as white hat as it gets.
It's very similar to someone walking around turning doorknobs until he finds a house with an unlocked door, then leaving a note that your door was unlocked and he could've stolen everything.
It's not accurate to call a security question a "lock". Most sites have mandatory security questions - stuff like your first pet, mother's maiden name, or first school. In this day and age, all th
Re: (Score:3, Interesting)
I just wanna know if it had the phone number to Obama's Blackberry synced and if those were in the screenshots...
Re:He shouldn't be arrested (Score:5, Insightful)
It's pretty trivial to break into most homes, cars, etc., but when people actually do it, we consider their actions to be the problem.
I don't see why the fact that it is a computer system means that there is suddenly nothing wrong with the actions of the person deliberately breaking in.
Sure, it's fairly trivial for an online service to institute better security than "guess a fairly easy question and get access", so there are grounds for saying that the system has a problem. It's another thing, though, to go further and say that it is the system and not the intruder that is the problem.
Re: (Score:2)
Suppose your door is left unlocked, but latched. And there are about A hundred Doorknobs on your door, only one of them actually opens the door.
This is essentially what happened. Had they locked the door, IE, not made a guessable password or security answer, he wouldn't have gotten in.
Re: (Score:3, Insightful)
Saying it could have been prevented by a better "system" and then redirecting the blame is like blaming my broken leg on the car manufacturer for not installi
it is simple morality (Score:4, Insightful)
that if you transgress against someone else, you are the problem
for example: if a bag of cash is sitting wide open and unguarded just inside an open door, you have absolutely 0% right to take it, and you are 100% to blame for the theft: YOU took it, no one told you to. your own poor decision making is the key
no matter how horrible or nonexistent someone's defenses, when you transgress against them, you are a criminal, you are 100% culpable, you have no excuse, you should be punished, and your morality sucks. plain and simple
sure, people SHOULD have good defenses. mainly because of all the immoral assholes out there. but even that you knew there were a lot of immoral assholes out there and their behavior is pretty predictable, none of that excuses the actual immoral assholes and their behavior. put another way: stupid is bad, but evil is always worse
so you need good defenses, but when you are transgressed against, the question of the quality of your defenses is completely besides the point: the immoral asshole needs to be punished
Re: (Score:2)
For example, take this other discussion [slashdot.org]. People are still taking a lax attitude towards PC security despite known risks. Obviously, the spam is a direct result of the spammers' actions. How
i'm not excusing poor security (Score:2)
i'm attacking the concept that the victim is to blame for a transgression, which is demonstrated in the grandfather comment in this thread
for example: she was drunk and skimpily dressed, so she deserved to be raped. he had no antivirus, so he deserved the trojan keylogger, etc. yes: you can take, or fail to take, certain actions which increase your chance of falling victim to immoral assholes. however, the immoral assholes are always to blame, regardless
as soon as you lose personal accountability, as soon a
Re: (Score:2)
The Law is there to preserve order, it only dispenses justice on occasion coincidentally.
That's why there is a human component involved, judgement is required to evaluate the situation in comparison to the abstract scenario around which the Law was crafted. Then they can see how the Law should be applied in this specific situation.
If the man broke in, and did no harm, in fact, doing nothing other than highlighting the flaws in security, then he has provided a service with no detriment. A reasonable human pe
The password (Score:5, Funny)
I heard was "Let them eat cake"
What? (Score:2)
They have basements in France?
Re:What? (Score:4, Funny)
I know, I was shocked that they have computers and electricity.
Re: (Score:2, Funny)
They have basements in France?
In France they call them Royale With Cheetos.
Laugh It Off (Score:2, Insightful)
They laughed it off when Palin was hacked...Will they laugh now for the POTUS?
Re: (Score:2, Insightful)
That would be in keeping with their two faced sense of outrage.
Re: (Score:3, Insightful)
Who is 'they?'
Re: (Score:2)
As I understand it, in the first case it was them, but in the second it was those other people... though I guess it could have been the same "they" in both cases.... You're right, I'm confused.
Unless... the two faces. The first "they" is one face, and the second "they" is the other face. Yeah, That's it.
Gah, too much Slashdot for me, lesson learned. I think the key messages here are that Twitter is not super-secure, and a lot of people aren't sympathetic when unfortunate things happen to people they don't l
Re: (Score:2)
I think "they" could be considered the Political punditry, bloggers and posters on sites such as the DailyKOS, Huffington Post, Etc.
But this is so new, I have not seen any opinions from "these people". So who knows if "they" will laugh it off or not.
Re: (Score:2)
They did?
His trial starts April 20.
http://www.myfoxmemphis.com/dpp/news/local/032410-apx-david-kernell-in-court-in-palin-hacking-case [myfoxmemphis.com]
Obviously you and I have very different definitions of the term "laughing it off". Last I checked, it doesn't include arresting someone, having them post bail, and charging them with multiple felonies that carry jail sentences. I'd hate to see what your definition is for actually being held responsible for something.
Having said that, they should let David go, and they should
The weakest link in any form of security (Score:4, Insightful)
Good. (Score:5, Insightful)
Having a password clearly dictates the intent of the person is not to allow other people to use it.
If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime... or at least very rude.
Re: (Score:2)
Having a password clearly dictates the intent of the person is not to allow other people to use it.
Perhaps so, but what is indicated by having a system whereby your password is freely given to anyone who knows your mother’s maiden name, high school mascot, and first pet’s name?
Re: (Score:2)
Actually, I’ve perused the Twitter help pages and it doesn’t seem to use secret questions at all... it looks like it sends a password reset to your e-mail address via this interface [twitter.com]. So to get into the Twitter account, you’d first have to get into the e-mail account that it was registered under... which seems to contradict the story, which said that he posed as a Twitter site administrator and got access by answering secret questions.
I’m going to need more data before I can rule on t
Re: (Score:2)
how about a system that gives the front door key to anyone that looks under the welcome mat?
Re: (Score:2)
If you’ve also posted a sign saying “Forgot key? Guess where to look to find the spare”... then yeah; it’s kinda analogous to that.
Re: (Score:2)
But no one kicked in any doors. All he did was tell people he found the key under the mat, a rather obvious place to look. Do we all really have a responsibility to keep the secrets of perfect strangers that we happen to learn? If he'd used the password, I'd say fine him or jail him, depending on how much trouble he caused or intended to cause. If he tried to sell the password, send him straight to jail. But if he simply embarrassed the whitehouse, thereby encouraging them to better secure their means of co
Re: (Score:2)
Having a password clearly dictates the intent of the person is not to allow other people to use it.
Not entirely accurate: Having a password is like a key. Anyone can possess it, but its use is still governed by the permission of the owner. One password can be used by multiple people, or not.
If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime... or at least very rude.
Again, not entirely accurate: The presence or absence of an access-control mechanism provides no information on its intended use. The door could be locked because it's a bathroom that connects two bedrooms, and the person on the other side left through the other door and forgot to unlock it. There's the implication t
Who cares (Score:3, Informative)
What important data is stored within that Twitter account? What crucial lines of communication flow through it?
log of 'hacked' password recovery session: (Score:5, Funny)
q: "what city were you born in?"
a:"honolulu"
incorrect
a:"oahu"
incorrect
a:"kandahar"
correct
q: "what is your political affiliation?"
a:"democrat"
incorrect
a:"centrist"
incorrect
a:"fascist"
correct
q:"what is your favorite catchphrase?"
a:"yes we can"
incorrect
a:"change we can believe in"
incorrect
a:"from each according to his abilities, to each according to his needs"
correct
(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some tea party morons out there might actually take my joke seriously)
Re: (Score:3, Insightful)
Wow... always knew that he was a fascist communist from central Asia. Everything is coming together now! (i hate teabaggers)
Re: (Score:2, Insightful)
I have to say I don't understand the vitriolic hatred you and others on the left have towards the tea party movement. Can you explain it to me? The basic goals of fiscal responsibility (we certainly don't have it in Washington), government acting in accordance with the constitution (if you are against that, please explain why), and free market (the only economic system so far found to produce prosperity) sound ok to me. Of course there will be a few toothless simpletons and conspiracy t
that's kind of funny (Score:5, Insightful)
considering the fact that
1. vitriolic hatred is pretty much all of the tea party consists of,
2. sound fiscal responsibility is finally what this health reform delivers,
3. health care security is unconstitutional only in creative crackpot legal arguments,
4. and free market principles do not answer every question in life (as the 2008 meltdown demonstrates: you need strong government regulation to keep the markets healthy)
a capitalist society with social safety nets is clearly and obviously superior in every measurement to the social darwinism i hear you advocating, even if you don't realize that is what you are advocating. free market fundamentalism died in 2008, i guess you didn't get the memo
Re:log of 'hacked' password recovery session: (Score:5, Interesting)
I used to be a paid functionary of the "conservative" movement. I use the term paid loosely, though, because I made shit for money and no benefits, but was forced to write propaganda against health care reform, even back in 2007. Most of these high-profile people against health care reform, I've met. Eric Cantor, for instance, I've met on several occasions. My hatred for the movement is largely to do with my own shame in having been part of that side of the aisle and actively working against my own interest, as well as that of many, many others of my countrymen. I'm sorry for all the crap that I helped do, but I learned my lesson, left and went on to other things. Maybe hate against movement members on the streets isn't warranted like it is against the party leaders, but I feel really, really bad for them that they either can't or won't realize that they're being manipulated to work against their own interests by the rich and powerful who serve as their puppet masters.
notice the last sentence in my comment (Score:2)
(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some tea party morons out there might actually take my joke seriously)
thanks to your comment, a revision is in order:
(i love obama and i'm 100% for common sense healthcare reform... i need to make this qualification because some t^He^Ha^H p^Ha^Hr^Ht^Hy^H morons who comment without reading out there might actually take my joke seriously)
Re:notice the last sentence in my comment (Score:5, Funny)
I thought the tea party movement was just a bunch of morons. Then I read this:
http://www.huffingtonpost.com/andy-borowitz/teabaggers-new-cry-mrs-ob_b_508683.html [huffingtonpost.com]
Now I think calling them that has just been an insult to morons.
Re:notice the last sentence in my comment (Score:4, Informative)
Look again, it's under the "Comedy" section of the HuffingtonPost.
The only thing the tea party is against from what I've read is that Michelle Obama wants to take away "Happy Meal" toys and their ilk because they "encourage" children to eat poorly. It's not so much the crappy toys, it's the parents who are too lazy to cook, and drive their kids to a fast food place that are to blame. And of course, all the HFC in everything. Maybe.
Fake? (Score:3, Insightful)
Wouldn't it be fairly trivial to fake those screenshots?
Not "hacking" (Score:4, Insightful)
I don't even see how this can be dignified as "hacking" -- it's not even "script kiddy" in its complexity. If this weren't the President then I doubt it would even be news at all. But is the account even actually Obama's in the sense of, he actually takes the time to post on it himself? Doesn't he have a country to run or something?
Re: (Score:2)
Exactly.
There's a lesson to be learned here... for Facebook and for the controller of the Obama twitter account.
The lesson LOST is all the clueless posters saying "this is like breaking down a bank vault door" and other nonsense which demonstrates a lack of understanding of "virtual". These are the same people who equate borrowing a friend's CD with armed robbery of the artist's bank. It's no use correcting these people when they're knowingly being obtuse as a "talking point".
Password recovery methods are stupid (Score:2, Insightful)
This is why I type a huge string of random gibberish into those stupid "Password Recovery" sections that ask me questions that any person that does any amount of research into my life can figure out.
Those things are stupid and the fact that so many sites still use them is completely stupid.
Question based security (Score:2)
Everyone already knows that question based security is not safe.
The news here is that the POTUS is not following basic security measures to keep his accounts safe.
Which he really should be.
Re: (Score:2)
POTUS didn't make the policy. It's a Twitter account, so I assume this is what they do when you forget your PW.
Now, even if somebody got total control of the POTUS Twitter account and started posting all kinds of outrageous crap, we'd figure that out pretty quickly and lay the blame where it belongs--Twitter.
Should they have better security? Maybe. It's not the nuclear football though. One-time pads with armed guards and officers turning keys simultaneously is just a bit of overkill for a web site wher
Wanker (Score:2)
Size: 0.17 sq. mi. (0.44 sq. km)
Population: 783 (2005 census)
Location: Rome, Italy
His password: (Score:2)
pre$ident
Missed Opportunity... (Score:2)
He did not actually tweet as POTUS, but just wanted to show he could break into the account.
Unrealized Tweet: Yes I can.
Just stop it - blame goes both ways (Score:2)
Just stop this false dichotomy. Let me quote some excerpts from several posts above...
Yes, blame the victim. You didn't install triple deadbolts on your door.
Having a security question that is easily guessable is like leaving your car door unlocked.
I don't see why the fact that it is a computer system means that there is suddenly nothing wrong with the actions of the person deliberately breaking in.
If a door is locked, then people know they shouldn't enter and kicking in the door would be a crime.
We keep arguing over whose fault it is when someone breaks in. The reality is that all of the above points are right, and sometimes it can be both people's fault. There's nothing wrong with assigning blame to both parties.
If someone breaks into another person's home, car, twitter account, bank account - that person is to blame for it. But if the person secured their home, car, twitter account, or bank account with a po
Re:He should've at least posted something. (Score:5, Funny)
No, no, no, he should have tweeted:
"My fellow Americans, I am pleased to tell you today that I have signed legislation that will outlaw France forever. We begin bombing in 5 minutes."
Re:And this is why we ONLY SERVE FREEDOM FRIES !! (Score:4, Funny)
This is France. Since you don't like our language, we'll be taking it back. Please remove the word 'language' from your post. Merci.