Comments (56)
76
aparition42 76 points ago +77 / -1

I got some startling "news" for non-techie people. This has ALWAYS been the case.

I got my first real IT job back when only the fanciest homes had a 28.8 dial-up modem. The people that work on the other side of the server have never needed your password to mess with your stuff.

One of my most common tasks in the early days of the internet was logging into people's email accounts to delete attachments that were too big. They'd call me up complaining that their email client kept timing out, and it was usually because someone had tried to send them a massive image file or something.

I wasn't supposed to tell them HOW I was fixing their problem, because the company didn't want to draw attention to the fact that some college student that had just walked in off the street and applied for an entry level position could open up and read every email they have, download any attachments they'd sent, and send replies or mass messages in their name.

As electronic communication has gotten bigger, more integrated, and more heavily relied on by society, the percentage of users who actually understand how it works has only gotten smaller. It's so much easier now than before to circumvent security measures. Twitter wasn't "hacked". Someone just got hold of a legit admin password.

Any IT company can only be as trustworthy as its lowest level employee. NEVER assume online communications are secure.

22
Trumpican 22 points ago +22 / -0

You speak the truth.

I think blockchain tech can be leveraged in the future so that once you write something from your authorized device it can't be edited by anyone else. Will also decentralize control of the data.

12
spezisacuckold 12 points ago +12 / -0

The re-decentralization of the Internet cannot come fast enough.

2
de9ebkmd7 2 points ago +2 / -0

I agree a blockchain based tech for your own personal social media feed would be great. It should also make it impossible to delete past tweets. You can edit, revise, flag etc but the revision still exists. So for example if you make 28,000 posts about pedophilia you can't just one day go and delete them all because people start calling you a pedophile.

17
jive-ass-turkey 17 points ago +17 / -0

Twitter wasn't "hacked". Someone just got hold of a legit admin password.

Thank you!

15
anon2309011 15 points ago +15 / -0

One caveat to what you're talking about. I did IT in the US Army, and we had the same privileges you're talking about.

The military used, and probably still does, PKI digital certificates to verify user identity when sending each email. Without that certificate, you weren't supposed to trust the source.

Your ID Card held the certificates, and if the ID Card wasn't slotted into the PC at the time of writing an e-mail, it wouldn't be digitally signed.

10
aparition42 10 points ago +10 / -0

All true, and still how it's done, but that doesn't mean the typical user actually understands how that works and looks for the digital signature. We've all had the click-through "training" and signed the page-13s so we can be taken to mast over it, but that's all just legal CYA.

In reality, we typically put more effort into figuring out how to get AROUND the security ourselves because it makes the actual job more inconvenient. I've personally had to "counsel" people for giving out their CAC PIN just so they don't have to take the time to log off and let someone else log in to do something. It happens all the time.

It's also vitally important to remember that the Ft. Hood shooter had a clearance. It only takes ONE person without integrity to undermine the system. Or as my father used to say, "Locks are for honest people".

9
HiddenDekuScrub 9 points ago +9 / -0

Also folks, this is the real reason why you never give your password to some cold-caller. Anybody who needs to be able to get into your account for maintenance already can.

7
aparition42 7 points ago +7 / -0

Exactly. If you get a cold call that seems like it may be legit, always tell them you don't have time to talk, look up the legit customer service number, and call them back.

Better to suffer the inconvenience of having to get back to them than to take the risk of discussing your accounts with a cold caller. If it turns out that they WEREN'T trying to contact you, you can alert them to the scam.

6
origcntzero 6 points ago +6 / -0

Funny semi-related story... I had set up an SMTP server on my Red Hat box with a SquirrelMail front end (I had some sort of client that would update my domain with my current IP). Anyhow... this was for me and my then wife. Well, one day she complained that her mail was "stuck". Well, after paging logs, looking at mail queues etc. I found the problem, but in the midst of all that I found out she had been having an affair because one of her emails was causing the SMTP daemon to croak.

At work I often was amused as LP would check my lunch box to see if I stole something whilst earlier that day I was paging through 100,000's of credit card transactions from 100+ stores supporting some credit auth issues we might have been having.

19
South_Florida_Guy 19 points ago +20 / -1

Just like Facebook, never had Twitter, never will. Anyone that signs up on these platforms is begging to get screwed eventually.

9
nmipede 9 points ago +9 / -0

Yup. Any platform that doesn't allow complete anonymity by default is bad news.

9
murderhornet 9 points ago +9 / -0

Spez edited user comments in reddit.

6
nmipede 6 points ago +6 / -0

Uh-huh.

Reddit didn't require any personally identifying information to make an account. Not even an email address. That's my point. Anything more than a username and password is a no-go for me. Spez et al. can spez his little balls off, there was no real way to tie it to me without a battalion of highly trained autists by taking a few precautions including some basic opsec.

3
Wascally 3 points ago +4 / -1

There is NO anonymity on the Internet. That is the biggest self-delusion that so many people kid themselves with today.

3
nmipede 3 points ago +3 / -0

Yeah, I shouldn't have used the word "complete". That is a fallacy.

You can make it difficult for casual observers to figure out who you are, that's my goal. If I were paranoid about anonymity, I'd be running a Tails stick in a cheap refurb "burner" laptop sans hard drive with my favorite VPN set for two extra hops on a public wi-fi.

That's about as close to anonymous as humanly possible for most people.

12
YOLOSwag_McFartnut 12 points ago +12 / -0

Did anybody assume they couldn't? Anybody with backend access can do whatever they want with pretty much anything.

3
TheThreeSeashells 3 points ago +3 / -0

It's a guarantee there's more than one person with access to usernames and passwords.

2
when_we_win_remember 2 points ago +2 / -0

If they're smart they don't actually store the passwords. But as far as being able to login as a user and do things, yes.

9
bigleaguetrump 9 points ago +9 / -0

Just like spez can edit Reddit posts, they have this feature in case they need to delete evidence. Also, if posts can be edited by admins, how can you trust anything posted as evidence, when it could have easily been admin edited?

5
wavearsenal333 5 points ago +5 / -0

Yes, this so-called hack is just cover for another bigger leak that was coming. Now every pedophile can claim when pictures emerge that their account was hacked and modified.

3
MisterClinton 3 points ago +3 / -0

Paul Krugman has already tried that defense.

6
mintscape 6 points ago +6 / -0

I thought this was the vector, seems like a single administrator account was compromised.

It's also funny to me that normies would be shocked that the higher level administrators would have that ability to post as anyone, sure they have as well as read DMs etc.

Twitter and almost all platforms like that are just web frontends to databases, the backend tools are just interfaces to the same databases but with many more rights to the entire database. If only normies really understood this and how stupidly trusting they are of these companies.

3
HiddenDekuScrub 3 points ago +3 / -0

Well, the nature of the attack made sense. If it was a password breach we probably would have seen "normie" accounts hit as well. But whoever did this was going after high-profile accounts. Also fascinating that this was the same day the info on Twitter's internal UI got out.

3
DaayTerkErJerbs 3 points ago +3 / -0

Now combine that with the Twitter employee who said he was going to use DMs people send as blackmail material and you should seriously question why you're still on that platform.

3
Headline_Correction 3 points ago +3 / -0

This is normal computer account stuff, people just don't want to know it.

3
Raetchel 3 points ago +3 / -0

Sounds like what Spez did...

All these people are shit humans. Cancel them all.

3
FalloutSeeker 3 points ago +3 / -0

I'm a college student studying network administration, and I also worked IT. In my experience, your work credentials can be handed over to us to fix things, and remote-in software can tab your screen activity without you ever knowing. Stupid for people to do private things over work communication, let alone think big companies don't have access to them.

3
StraightAssociate 3 points ago +3 / -0

Or go into the POTUS’s account.

3
Leiloni 3 points ago +3 / -0

So, like Reddit then and Spez's edits.

3
Wakenbake 3 points ago +3 / -0

Of course they do. They don't need that tool to do it either. Engineers have the keys to the Twitter kingdom. That's just common sense.

3
FullAutoFlintlock 3 points ago +3 / -0

Laughs in downright no shit I told ya fucking so for 10 years now.

raresmugpepe.dwg

3
M16A4 3 points ago +3 / -0

I typically don't use Twitter.

But I certainly have one, and logged in recently to see my account promoting products, some mobile apps, that I never posted.

3
pbarnett865 3 points ago +3 / -0

If you're honestly surprised by this, you really are a fool.

2
HiddenDekuScrub 2 points ago +2 / -0

Think we all figured that.

2
SAW2TH 2 points ago +2 / -0

You have to use Twitter for them to steal your voice.

Hint: delete your account - or better yet never sign up in the first place.

2
preferredfault 2 points ago +2 / -0

Just think of how many people they've likely already framed criminally for things they never said.

2
AllTheWayTrump 2 points ago +2 / -0

Not my account. I was banned from that cesspool.

2
Kekthese 2 points ago +3 / -1

Anybody think this could be Sundance?

2
2016TrumpMAGA 2 points ago +2 / -0

Twitter employees have the ability to go into YOUR account and post tweets using YOUR voice

Well, duh. That's one of the most basic privileges of account administration. This is only a surprise to people utterly ignorant of computer technology.
