Should have changed it to...
"duhduhduh"
Mark Zuckerberg’s Twitter and Pinterest accounts were hacked over the weekend. The breach apparently happened after the Facebook boss’s login details were exposed via the recent LinkedIn password dump. This implies Zuckerberg reused passwords across multiple sites or perhaps that the format of the password he chose for other …
Oh yeah, that idiot Zuckerberg and his moronic team who just happen to run one of the most successful internet businesses in the world. Thank God all us clever people know the real way to make a difference is to anonymously post bullshit on the internet.
I have a massively complex password Zuckerberg, think about that as you're having a Scrooge McDuck swim in your vault of cash this evening!!! You naive fool!
Sorry, facebook is not an OS, it's not a compiler, it's not a word processor or database. Nor is it a good indexing algorithm like Google search. Facebook is just a stupid application for people in need of showing off, or too luser to have a life. It just happened to become more used than many similar ones because of good PR, media pumping it, and lots of idiots believing it. Actually, to develop something like facebook you need to have a first hand knowledge of how many gullible idiots there are around.
To become very rich, you don't need to be really clever and skilled. Sometimes, all you need is little ethics, and a lot of luck. There are several examples of "successful business" built on nothing. That's how the world works, sure, good for them, but nobody and nothing will force me to think they are "exceptional" people. They are still morons. Lucky ones, but morons.
Sure, later he needed to hire some more skilled people to run the infrastructure needed to exploit idiots, but it's not like, say, launching a rocket and then landing it on a barge....
You are so right. I realize that fb is the cheap, transfat laden generic cheetohs of the net. I am so freaking tired of his political bs, he suffers from Delusions of Adequacy and is now trying to run the political scene. He's not really "one of them" but they gladly take his money. The censorship is getting out of hand, and you absolutely are right about the users (losers). Remember that fb was begun by some pasty faced fratgeeks as a way to bash and harass women who wouldn't go out with them. I am ashamed to admit I use(d) it but since I got blocked again for not being PC (I referred to the rapefugees in Sweden) I realize it's time to delete the account. Thank you for reminding me. I feel like Stan in that South Park episode "You have 0 friends".
*ahem*, Zuckerberg is just an extremely lucky person, someone who was in the right place at the right time. He was a third rate programmer then, and probably hasn't touched a line of code in the last 5 years.
He's just a standard frat boy that won the lottery. He set up facebook to get laid, remember. He didn't sit down and plan "hey, I'm going to make an international company, anyone interested".
These days he spends most of his time speaking with accountants, his tax advisor, the board of directors and his legal team to see how to maximise his "product" (ie, you) by lobbying politicians, including being happy to enable censorship for those governments to turn a blind eye to his goings on.
There was no skill in Facebook, there was no strategic planning, there was no end vision, it was just some egotistical frat boy trying to get laid.
Try not to rewrite history to those who lived through it, thanks.
It mystifies me why anybody would store a password in a database, regardless of whether or not it's in encrypted form.
Any time I'm designing a back end that needs to perform authentication, I store a hash of the user's password. When they try to log on, hash what they provide and compare that with the hash in the database.
If anyone manages to break into or steal the database, all they have is hashes, from which it will be very hard to reverse engineer the password itself.
If someone steals the database, they don't need to reverse the hashes. They'll just throw a dictionary file at your hashing algorithm and look for matches. Doesn't take too long to brute-force every password up to 6 or 8 characters long as well. This is why you should be salting the passwords before hashing them, and forcing users to have sufficiently long passwords.
By your enthusiasm for hashes, I'd guess you still ballsed it up. Don't worry nobody ever gets it right.
1. Are your hashes upgradable in-place? Are you storing the algorithm and iteration count along with the hash for each user? Could you smoothly upgrade from bcrypt to argon2?
2. Using a key derivation function? There's zero need to build your own, but if you did, are you iterating correctly by feeding the password + hash back through the HMAC?
3. How is your database set up? A stored procedure which takes a challenge string, and returns a boolean is immune to SQL injections. And you can lock down the table's permissions to execute only.
> If anyone manages to break into or steal the database, all they have is hashes, from which it will be very hard to reverse engineer the password itself.
Before throwing stones here, a consumer grade GPU can compute 18 billion (yes with a B) sha1 hashes per second. Most English dictionaries have between 80 and 500 thousand words for some perspective. Or the hash of every possible 5 character password within a second. Very hard should always be understood in context of available number crunching capabilities.
But yes, there is a good chance that the passwords were not hashed enough times with sufficient salt.
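The points raised in this sub-thread (per-user salt, a real KDF rather than a bare sha1, and a hash record that carries its algorithm and iteration count so it can be upgraded in place at next login) can be shown in one small Python snippet. This is an added example, not code from any of the commenters; the record format `alg$iterations$salt_hex$digest_hex`, the in-memory `USERS` table and the iteration policy are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Current policy (assumed values). Raising CURRENT_ITERATIONS later is exactly the
# "upgradable in-place" case: old records keep working and are rehashed on login.
CURRENT_ALG = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: alg$iterations$salt_hex$digest_hex."""
    salt = salt or os.urandom(SALT_BYTES)  # per-user random salt: no shared rainbow table
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{CURRENT_ALG}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> Tuple[bool, bool]:
    """Return (matches, needs_rehash). needs_rehash is True only for a correct
    password whose stored record is below current policy (older alg or fewer rounds)."""
    alg, iterations_s, salt_hex, digest_hex = record.split("$")
    if alg != "pbkdf2_sha256":
        return False, False  # unknown/legacy format: treat as no match, force a reset
    iterations = int(iterations_s)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), iterations)
    ok = hmac.compare_digest(candidate, bytes.fromhex(digest_hex))  # constant-time compare
    needs_rehash = ok and (alg != CURRENT_ALG or iterations < CURRENT_ITERATIONS)
    return ok, needs_rehash


USERS = {}  # constructed in-memory user table: username -> record string


def register(username: str, password: str) -> None:
    USERS[username] = hash_password(password)


def login(username: str, password: str) -> bool:
    """Check the password; if it matches but the record is out of date, rehash it now,
    because login is the only moment the plaintext is available to do so."""
    record = USERS.get(username)
    if record is None:
        hash_password(password)  # do the same work so unknown users are not cheaper to probe
        return False
    ok, needs_rehash = verify_password(password, record)
    if ok and needs_rehash:
        USERS[username] = hash_password(password)
    return ok
```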
It is also a really dumb password and was reused at multiple sites.
"It also serves as a reminder that two-step verification, which LinkedIn supports for all of its users, is not enough in this age of rapidly advancing attacker capability"
...alternately, you could try not re-using weak passwords. And wasn't it LinkedIn who got thoroughly pwned with unhashed passwords, or am I thinking of someone else?
Yep you're remembering right (if I'm also remembering right, that is!).
The LinkedIn breach was from 2012 and they were unhashed (or very weakly hashed) passwords. Ok so he reused passwords, most of us do that on throwaway accounts, big deal. However, the claims that two factor authentication is borked, and using this as an example, is total bollocks. This has nothing to do with two factor authentication, this is all to do with very poor database security and the re-using of old passwords on throwaway accounts. (I'm assuming throwaway since from what I read elsewhere Zuck's pinterest account had 30 photos on it. Yep, sounds like he's using that a lot, doesn't it... )
More likely he's a fan of the 80's German band Trio.
Meanwhile, in case you're interested, I'm in favour of making social networks so secure that no-one can use them any more.
Probably he has the average social media personal assistant who's been hired because he/she looks good, talks well, and can serve a good coffee if required. He/she can also type some carefully crafted sentences, sometimes written by some upper "entity", using some "media outlet" she/he has been told to use.
Proper security mindset is, of course, not required, nor has any training been provided.
Why should Zuck spend time logging in? He has to annoy even astronauts who believed they were far enough from facebook....
I don't doubt that Zuckerberg's accounts have been hacked but is there any independent confirmation that the password was 'dadada' and that wasn't just a joke? Everyone appears to be blindly accepting something someone posted on social media (and how well that has worked in the past) but it does seem a little unlikely.