

Ashton Kutcher's Twitter Account Hacked at TED - Brentley_11
http://www.readwriteweb.com/archives/ashton_kutchers_twitter_account_hacked_at_ted.php

======
tsigo
"How excited will the stars Twitter seeks to get onboard be when they find out
how easy it is for strangers to hijack their identities?"

I had to read that sentence like five times in order for it to make sense.

~~~
TREYisRAD
Garden Path sentence?

<http://en.wikipedia.org/wiki/Garden_path_sentence>

------
DTrejo
Not related to Twitter, but I saw this in the comments:

 _Facebook does now have an 'enable SSL by default' option.

Account> Account Settings> Account Security> Secure Browsing (https)_

~~~
Natsu
Yeah, but I saw this the other day from F-Secure about Facebook's SSL option:

<http://www.f-secure.com/weblog/archives/00002106.html>

"I tested several times and each time I found an application that asked me to
"continue" to a "regular connection", my default Account Security settings
reverted to HTTP."

------
rdl
End to end crypto is great, but I generally use a VPN whenever logging in from
a public network for all traffic, just to avoid this -- anyone sniffing my
Gig-E uplink at the colo, or the backbone, or the site, will hopefully only
see SSL traffic to sites, but just in case, I'd rather put an extra barrier up
for the easy coffeeshop wireless sniffing attacker.

~~~
cookiecaper
I came here to post this. You don't have to sit around and wait for Twitter to
implement SSL. Many who implement SSL don't do so correctly anyway.

If you're using a public internet connection, make sure you're at least using
a SOCKS proxy to browse or IM. Pretty simple setup: ssh -ND 8001 me@myserver,
and use proxy localhost:8001.

~~~
yuhong
> Many who implement SSL don't do so correctly anyway.

Yeah, be careful in particular with mixed content. Depending on the origin of
the insecure content and depending on whether the cookie was marked as
"secure", these may or may not leak plaintext cookies.

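The condition described in the comment above, as an added example that is not part of the original thread: given the `Set-Cookie` headers a site issued and the subresource URLs an HTTPS page loads, report which cookies would accompany a plain-HTTP request. Hosts, cookie names and URLs are constructed placeholders, and the model is simplified (Path, SameSite and browser mixed-content blocking are ignored).

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data; hosts and cookie names are placeholders.
PAGE_HOST = "www.example.test"
SET_COOKIE = [
    "session=abc123; Path=/; HttpOnly",          # host-only, no Secure flag
    "auth=def456; Path=/; Secure; HttpOnly",     # Secure: sent over HTTPS only
    "prefs=dark; Domain=example.test; Path=/",   # whole domain, no Secure flag
]
SUBRESOURCES = [
    "http://www.example.test/img/logo.png",      # same host, cleartext
    "http://static.example.test/app.js",         # sibling subdomain, cleartext
    "http://cdn.thirdparty.test/lib.js",         # unrelated origin
    "https://www.example.test/api/me",           # encrypted, not a leak
]

def parse_set_cookie(header, page_host):
    """Reduce one Set-Cookie header to the attributes that decide scope."""
    jar = SimpleCookie()
    jar.load(header)
    name, morsel = next(iter(jar.items()))
    domain = morsel["domain"].lstrip(".").lower()
    return {"name": name, "domain": domain or page_host.lower(),
            "host_only": not domain, "secure": bool(morsel["secure"])}

def domain_matches(cookie, host):
    """Host-only cookies need an exact match; Domain= cookies cover subdomains."""
    if cookie["host_only"]:
        return host == cookie["domain"]
    return host == cookie["domain"] or host.endswith("." + cookie["domain"])

def cleartext_cookies(set_cookie_headers, page_host, subresource_urls):
    """Map each http:// subresource URL to the cookie names sent with it."""
    cookies = [parse_set_cookie(h, page_host) for h in set_cookie_headers]
    leaks = {}
    for url in subresource_urls:
        parts = urlsplit(url)
        if parts.scheme != "http":
            continue  # HTTPS requests do not expose cookies on the wire
        sent = [c["name"] for c in cookies
                if not c["secure"] and domain_matches(c, parts.hostname)]
        if sent:
            leaks[url] = sent
    return leaks

if __name__ == "__main__":
    for url, names in cleartext_cookies(SET_COOKIE, PAGE_HOST, SUBRESOURCES).items():
        print(url, "->", ", ".join(names))
```
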
------
TGJ
Sad to see this in relation to TED talks. The TED site has a great deal of
integrity so seeing someone hack a person's Twitter account is disheartening.
No matter the cause, taking someone's account just to prove a silly point is
wrong.

------
BenSchaechter
So someone in the audience was using Firesheep. Horrors.

<https://twitter.com> FTW

~~~
timtadh
I agree. This strikes me as non-news. Side-jacking is a bad thing. We get it.
Use VPN, use SSH tunneling, in general don't be dumb when using an open
network. If possible use the https version.

~~~
joezydeco
The two tweets Kutcher made from TED were from the iPhone client and
foursquare. Are there SSL options on those?

