The recent publicity about Kanye West’s e-mail account being hacked made me think about how one account can lead to so many more. A quick scan through anyone’s Gmail account is likely to show various welcome e-mails from other accounts such as twitter and facebook.

These accounts are linked to an e-mail account for alerts or password reset functions. Sometimes the welcome e-mails will show the full credentials that the user signed up with, sometimes just the username. Most websites will have a password reset functions that sends an e-mail to the users e-mail account so a hacker could quite easy perform this operation once the first account is hacked.

So you can see if someone has an account they generally use for signing up to other websites, one hack will definitely lead to more compromise.

What can you do? This is a tricky one. Until more websites ask for security information during reset functions and stop sending credentials in e-mails this will always be a problem. The real advice is to make sure you protect your e-mail as much as possible and use good quality passwords that can’t easily be guessed. Avoid any computer that isn’t your own, particularly Internet cafes and public computers which are likely to harbour key logging software. The use of third factor authenticaiton such as token is also highly recommended where available.

Kanye West says someone has taken control of his Twitter. Not to mention his Gmail and MySpace accounts.

The rap star says that someone is using all three services to spread false reports, including one that claimed he was open to launching a new career as a bisexual porn star.

“Now somebody has been hacking into my MySpace and somebody’s actually hacked into my personal Gmail account and has been emailing people from it,” West wrote in a posting on his blog. “Hey world, I no longer have a Gmail!”

http://www.theregister.co.uk/2009/01/26/kanye_west_hacked/

Twitter could arguably be the facebook’esk Internet phenomenon of 2008 with millions of information hungry users tracking their favourite friends and organisations through a series of status updates.

As with many new fads the early technology rarely accounts for security until they get hacked. Twitter is no exception, some notable names including Britney spears had their accounts hijacked this week in what appears to be simple password guessing attack on an Twitter admins account.

This old school hack uses a principle of trying many password combinations until the right one is found, usually with the use of a simple script or tool. Twitter accounts do not enforce any password lockouts, policies or the use of CAPTCHA (those annoying wiggly letters you have to type in) making them prone to this kind of attack. The use of a decent password however would have stopped this attack in its tracks. Passwords should be of 8 or more characters, uppercase, lowercase, numbers and special characters.

Base them around a saying to make them more memorable for example $RobRul3s007$ which is my twitter password (joking) which is very unlikely to ever be found in this kind of attack.