Password

WHID 2009-39: Uno is back: 245,000 records stolen from Orange France using SQL injection

Updated: 26 May 2009

After focusing earlier this year on anti-virus vendors, Uno, the Romanian hacker, is back and reports in his blog that an Orange France web site dedicated to photo management is vulnerable to SQL injection and that he was able to access 245,000 records from the site.

WHID 2009-32: 750 Twitter Accounts Hacked

Updated: 10 March 2009

Twitter reports in a blog entry that 750 accounts were hacked. The hacker posted messages linking to a porn webcam. While Twitter did not disclose how the attack was carried out, the suggested remediation hints that the account passwords were guessed, probably using a brute force attack.

WHID 2009-18: phpBB web site hacked using LFI

Updated: 5 February 2009

phpBB was known for years as one of the most insecure software packages out there. It was responsible for one of the first application-layer worms, Santy, back in 2004. How ironic that its own web site was seriously breached due to a vulnerability in another software package used...


WHID 2009-2: Twitter accounts of the famous hacked (Updated)

Updated: 11 January 2009

Update (Jan 11th 2009) - The hacker bragged about the hack and revealed that it was a brute force dictionary attack against an administrator account. Twitter does not block repetitive login failures, thereby enabling brute force attacks. We are still leaving the incident classification as "insufficient authentication" in addition to brute force, as we feel an administration interface should have additional authentication mechanisms and not just a password.



Twitter announced that a hacker broke into 33 accounts, including Obama's now inactive Twitter account. The hack is the result of a flaw in a web-based support tool used by Twitter, which was evidently accessible externally without proper authorization.

It is important to note that this incident is not related to the Twitter phishing attack which occurred on the previous weekend.

This incident highlights the issue of public facing administration interfaces, which often combine strong functionality with lesser attention to quality and therefore security. As organizations virtualize, those interfaces become available over the Internet, often without sufficient protection.
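The update above points out that repeated login failures went unblocked. As an added illustration (not WHID's or Twitter's code), the Python below replays a constructed authentication log and applies a per-account lockout: after five failures inside a fifteen-minute window the account is locked, so the attacker's correct guess on the next attempt is refused. The log format, the threshold and the window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of authentication events (not real Twitter logs):
# timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2009-01-05T02:10:01 10.0.0.7 admin FAIL
2009-01-05T02:10:02 10.0.0.7 admin FAIL
2009-01-05T02:10:03 10.0.0.7 admin FAIL
2009-01-05T02:10:04 10.0.0.7 admin FAIL
2009-01-05T02:10:05 10.0.0.7 admin FAIL
2009-01-05T02:10:06 10.0.0.7 admin OK
2009-01-05T02:30:00 192.0.2.9 alice FAIL
2009-01-05T02:45:00 192.0.2.9 alice OK
"""

MAX_FAILURES = 5                 # assumed: failures tolerated per account per window
WINDOW = timedelta(minutes=15)   # assumed: sliding window and lockout duration

def evaluate(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Replay auth events in order; return (timestamp, account, ip, verdict) tuples.
    Verdict is 'lockout' for the attempt that trips the threshold, 'locked' for
    any attempt (even a correct one) made while the lock is active, else the outcome."""
    failures = defaultdict(deque)   # account -> timestamps of recent failures
    locked_until = {}               # account -> time the lock expires
    verdicts = []
    for line in log_text.splitlines():
        ts_s, ip, account, outcome = line.split()
        ts = datetime.fromisoformat(ts_s)
        if account in locked_until and ts < locked_until[account]:
            # Locked: refuse before the password is even checked.
            verdicts.append((ts_s, account, ip, "locked"))
            continue
        recent = failures[account]
        while recent and ts - recent[0] > window:   # drop failures outside the window
            recent.popleft()
        if outcome == "FAIL":
            recent.append(ts)
            if len(recent) >= max_failures:
                locked_until[account] = ts + window
                recent.clear()
                verdicts.append((ts_s, account, ip, "lockout"))
                continue
        else:
            recent.clear()                            # a real success resets the count
        verdicts.append((ts_s, account, ip, outcome.lower()))
    return verdicts
```

A hard per-account lock can itself be abused to lock out legitimate users, so in practice it is paired with per-source throttling and alerting on lockout events rather than used alone.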

You can read some of the funny things that the hacker published in different twitters on Read Write Web.
