
Twitter accounts hijacked in new attack - vaksel
http://news.cnet.com/8301-1009_3-10190957-83.html?tag=newsEditorsPicksArea.0
======
CalmQuiet
The Twitter response: "(Twitter co-founder Biz) Stone urged people to use
strong passwords for their Twitter accounts and not to share passwords with
anyone."

_If_ I were a tweeter, I'd be displeased to have the buck passed to me "for
not having a strong or secret password."

I'd _rather_ have Twit accept responsibility for having missed their system's
vulnerability. ...and for getting it fixed.

~~~
tptacek
What evidence do you have that this _was_ a Twitter vulnerability?

------
antiform
Security updates like this are somewhat frustrating (disclaimer: I am a fan of
full disclosure, at least after the exploit is patched). If it is able to
somehow glean your Twitter password from you clicking on the link, that is a
serious security risk. If users voluntarily enter their username and password,
there's hardly anything one can do about it, except warn users not to enter
such sensitive information haphazardly.

However, I don't understand how a strong password would help in either case.
Perhaps I'm overlooking another fairly obvious scenario.

