if you were wondering wtf happened to twitter last night (and, like me, you use a client as opposed to logging into the actual site, so rather than seeing the screen above, you just saw an API timeout error), twitter was hacked. mashable’s got the digs here and here.
now, sure, we should be up in arms about the security and privacy of millions of twitter users, but the first thing that came to my mind was, wow, this is just like when my friend’s forums at the geek movement got hacked by Turkish hackers.
the similarities in how the hackers choose to expose their hack are kinda obvious: really ugly design, stupid image in the middle, really big, red letters, and a big fat link or email saying “please spam us”. i was always particularly fond/mystified by the image of the man holding his hand out, palm down, and always wondered what the frak that was about.
the difference is pretty obvious, too. on one hand we were running an old version of phpBB which had a gaping security exploit that was widely publicized on the net. the fact that the Turkish hacking mafia found it even worth their time to hack a small community forum made it more shocking and annoying than disruptive or terrifying about the state of our security. our admin soon switched to a secure, admin-approval registration system on a Vanilla forums installation, and that’s where we’ve stayed.
on the other hand, there’s twitter. millions of users worldwide. and it’s pulled down by the same ridiculous pranks as some teenage Turkish kids with a dialup connection and access to Google. really, twitter?
the twitter hack, of course, was a lot more elaborate, too, and we all know (or at least some of us in the IT industry do) that DNS is broken and has been for a long time. fixing the DNS security issue requires rebuilding DNS from the ground up, something that has to have widespread adoption across the board to work. still, it’s always assumed that major companies are targets for hacks, and that they’ve taken precautions to prevent them. so the question remains: really, twitter? really?