Twitter advises all users to change passwords after glitch.
A bug exposed the passwords of an undisclosed number of users in plain text within Twitter’s internal systems.
Courtesy of www.WeLiveSecurity.com Story By Tomáš Foltýn 5/4/18
If you’re one of 330 million-plus Twitter users, you should change your password now. This is after the social network’s chief technology officer, Parag Agrawal, announced that the company had discovered a “bug that stored passwords unmasked in an internal log”.
“We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone,” he added.
Nevertheless, the social network is advising all users to consider changing their password “out of an abundance of caution” – both on the site itself and on any other online service that they access with the same password. There is no word as to how many users may have had their login credentials compromised.
However, Reuters did quote a person familiar with the company’s response as saying that the number was “substantial” and that the credentials had been exposed for “several months”.
First, some theory: it’s best practice for sites to store a scrambled representation (called a “hash”) of each password, rather than the actual password in clear text. Through hashing, a password is turned into what looks like a random mix of characters. Importantly, this process is one-way, i.e. the hashed value cannot be reversed into the corresponding password. In addition, “salting”, or adding extra characters to a password before hashing it, is a common method of preventing password attacks.
Twitter said that it uses a strong hashing algorithm called bcrypt to scramble passwords. However, a bug caused passwords to be written to an internal log in plain text before the hashing process was completed. “We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again,” reads the announcement. Twitter stressed that it has no reason to think that “password information ever left Twitter’s systems or was misused by anyone”.
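To make the theory and the bug concrete, here is an added example (not code from Twitter or from the original article) showing salted one-way hashing next to a logging filter that masks the password before a request is written to a log. It uses scrypt from Python's standard library in place of bcrypt; the `password` field name, the logger name and the sample sign-up form are assumptions made for the illustration.

```python
import hashlib
import hmac
import io
import logging
import os

SENSITIVE_KEYS = {"password"}  # assumed name of the sign-up form field

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in dict log arguments before a handler writes them."""
    def filter(self, record):
        if isinstance(record.args, dict):
            record.args = {k: "[REDACTED]" if k in SENSITIVE_KEYS else v
                           for k, v in record.args.items()}
        return True

def hash_password(password, salt=None):
    # A fresh random salt per password makes identical passwords hash differently.
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def verify_password(password, salt, digest):
    # Re-hash with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def signup(form, log):
    # Logging the raw request BEFORE hashing is the kind of mistake described above.
    log.info("signup request: %s", form)
    salt, digest = hash_password(form["password"])
    return {"user": form["user"], "salt": salt, "hash": digest}

def demo():
    out = io.StringIO()                      # stands in for the internal log file
    handler = logging.StreamHandler(out)
    handler.addFilter(RedactSecrets())       # filter on the handler covers every logger using it
    log = logging.getLogger("signup-demo")   # hypothetical logger name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [handler]
    form = {"user": "alice", "password": "correct horse battery"}  # constructed sample
    account = signup(form, log)
    return out.getvalue(), account

if __name__ == "__main__":
    print(demo()[0])
```

The filter only catches passwords passed as a dict argument, so it is a safety net rather than a replacement for keeping request bodies out of log calls in the first place.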
At any rate, the company dispensed some more advice to the users on top of changing their passwords. The recommendations include enabling two-factor authentication (called ‘Login Verification’ on Twitter) and using a password manager to create a strong and unique password on every online service.
There is certainly some irony in that the social network announced the mishap on World Password Day.
Earlier this week, code repository GitHub made a similar disclosure after it experienced a similar gaffe that involved inadvertently storing user passwords in plain text.
G R A F F I T I
M.O.S.T. does not care about persons who paint graffiti on a sanctioned wall with the owner's permission. However, we detest cowards who paint property without consent. That changes the classification from art to vandalism. However, the vandals will still try to justify what they do by claiming it's free expression. They often try to vilify those who oppose them by labeling them oppressors of that free expression. Meanwhile, those same vandals cause hundreds of dollars in damage, drive a business's customers away and lower property values.
We often ask if a graffiti goon would still call it "art" if it was their property being defaced without permission.
Graffiti can also have a more serious meaning due to being gang related. Gangs can use graffiti to mark territory, advertise drug sales, mourn deceased members, announce alliances and issue threats. All the more reason to report and remove it immediately.
If you see tagging in progress, dial 9 1 1.
For recent graffiti in Orlando, report it to (407) 254-GRAF (4723).