A security flaw in Twitter's security system allows attackers to crack password by brute force attacks, a victim of a hacker says.
One of the victim who fall for this attack, Daniel Dennis Jones(@blanket) , claims that his twitter account hijacked by hackers by brute-forcing the Twitter's password reset process.
According to Jones report, the Twitter security system employs limits log-in attempts by IP address, rather than by account. So, hackers able to use a proxy network or some other way of IP changing and they would be able to make many more tries at getting into an account.
Jones eventually discovered that his account along with many other attractive Twitter handles, were being sold on a site called ForumKorner. After several attempts to get help from Twitter, Jones recovered his @blanket account.
It will be better if Twitter locked down all access after a set number of attempts, or if it employed two-factor authentication like Google does.
One of the victim who fall for this attack, Daniel Dennis Jones(@blanket) , claims that his twitter account hijacked by hackers by brute-forcing the Twitter's password reset process.
According to Jones report, the Twitter security system employs limits log-in attempts by IP address, rather than by account. So, hackers able to use a proxy network or some other way of IP changing and they would be able to make many more tries at getting into an account.
Jones eventually discovered that his account along with many other attractive Twitter handles, were being sold on a site called ForumKorner. After several attempts to get help from Twitter, Jones recovered his @blanket account.
It will be better if Twitter locked down all access after a set number of attempts, or if it employed two-factor authentication like Google does.
