Twitter Is Probably Giving Your Password Out To People Who Hate You

Don't worry, it's just a (((bug)))



Anime Right News (ARN—  Twitter announced to its users this morning that they fixed a bug which caused all passwords to be logged in plaintext every time a user logged in. And we might have believed them that it was “just a bug” if Twitter’s backend wasn’t run by a crew of transexual software engineers with chips on their shoulders, actively working with organizations to gather data on you and build enemy lists. But you really shouldn’t be worried unless you have something to hide from any one of the countless psychotic organizations that now have your data and your passwords.

It's Just a Bug, Bro


Twitter went into some details about the bug in their full public response:

This isn't the first bug Jack Dorsey let in to Twitter HQ: that distinction goes to the AIDS Virus.
There's a lot of reasons why this is bullshit, the most obvious being that logging isn't a bug at all: it's for record keeping. Most log files are kept for years by major companies to be reviewed later if something comes up. Or in this case, to help the ADL build a better online profile on you.

Another reason is that no serious organization actually stores your passwords at all, because it makes no sense to do so: if hashing and salting are done properly, even somebody who hacked Twitter couldn't get your password, because Twitter wouldn't even have it. Going through the extra effort of logging a password to a file in plaintext before you even hash and salt it completely negates this advantage.

But the most telling reason that this is bullshit is that bcrypt, being a library, does all the hashing for you - this isn't hundreds of lines of code to debug with fucked up vector math that only five mathematicians in the US can understand, we're talking about a single fucking line of code that probably looked like this:

That means somewhere above that one line of password hashing/comparison are several more lines that open a log file, attempt to write, and then close the log file. Why even go through the extra effort? Unless of course you were doing all this on purpose. Then it makes complete sense.
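An added example, not code from the original article or from Twitter: it shows a login handler whose request-logging line runs before the hashing call, so the plaintext password reaches the log, and a logging filter that masks it. The field names, the sample credential and the use of standard-library PBKDF2 in place of bcrypt are assumptions of this example.

```python
import hashlib, hmac, io, logging, os

SENSITIVE_KEYS = {"password", "passwd", "new_password"}  # assumed field names

def scrub(value):
    """Return a copy of a dict with sensitive values masked (recurses into nested dicts)."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    return value

class RedactSecrets(logging.Filter):
    """Mask sensitive fields in log arguments before any handler formats them."""
    def filter(self, record):
        if isinstance(record.args, dict):      # logging unwraps a lone dict argument
            record.args = scrub(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(scrub(a) for a in record.args)
        return True

def hash_password(password, salt):
    # PBKDF2 from the standard library stands in for bcrypt (assumption of this example).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def handle_login(params, salt, stored_hash, log):
    # Generic request logging: it runs before hashing, so it sees the plaintext.
    log.debug("login request params=%s", params)
    return hmac.compare_digest(hash_password(params["password"], salt), stored_hash)

def run_demo(redact):
    """Run one login and return (login_ok, captured_log_text)."""
    buf = io.StringIO()
    log = logging.getLogger(f"login-demo-{redact}")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.handlers = [logging.StreamHandler(buf)]
    log.filters = [RedactSecrets()] if redact else []
    salt = os.urandom(16)
    password = "correct-horse-constructed"     # constructed sample credential
    stored = hash_password(password, salt)
    ok = handle_login({"username": "alice", "password": password}, salt, stored, log)
    return ok, buf.getvalue()

if __name__ == "__main__":
    for redact in (False, True):
        print(redact, run_demo(redact))
```

The filter only covers values passed as log arguments; a password interpolated into the message string before the logging call is not caught by it.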

The Disclosure Says a Lot.

This wasn't a mistake: Twitter was deliberately logging your information. Now the question is why they felt the need to tell us, and why they felt the need to lie to us while doing so.

This leads us to some disturbing conclusions:

Twitter was going through extra effort to avoid best practices in order to collect information on you. They felt the need to disclose it because it was discovered by a potential whistleblower or, and let's hope this isn't the case, they suspect a breach but couldn't say so because the subsequent investigation would say exactly what I'm telling you right now: this was no accident, and your data was changing hands with some very creepy organizations.

So Twitter had a choice: get in front of this and call it a bug or risk a whistle blower or a hacker dumping the story on a major news network. And I wouldn't be surprised if we soon hear about similar "bug" fixes from other major Silicon Valley players who have signed deals with the devil after C-Ville.


PANDA


3 Comments


    1. The only way I could see is that they somehow captured the passwords in the access logs or captured them at debug level. Both can happen, but it's still weird.
      If it really was at the place of hashing, it would at least be neglect.
