Skip to content
By using Twitter’s services you agree to our Cookies Use. We and our partners operate globally and use cookies, including for analytics, personalisation, and ads.
  • Home Home Home, current page.
  • Moments Moments Moments, current page.

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @
  • Language: English
    • Bahasa Indonesia
    • Bahasa Melayu
    • Català
    • Čeština
    • Dansk
    • Deutsch
    • English UK
    • Español
    • Filipino
    • Français
    • Hrvatski
    • Italiano
    • Magyar
    • Nederlands
    • Norsk
    • Polski
    • Português
    • Română
    • Slovenčina
    • Suomi
    • Svenska
    • Tiếng Việt
    • Türkçe
    • Ελληνικά
    • Български език
    • Русский
    • Српски
    • Українська мова
    • עִבְרִית
    • العربية
    • فارسی
    • मराठी
    • हिन्दी
    • বাংলা
    • ગુજરાતી
    • தமிழ்
    • ಕನ್ನಡ
    • ภาษาไทย
    • 한국어
    • 日本語
    • 简体中文
    • 繁體中文
  • Have an account? Log in
    Have an account?
    · Forgot password?

    New to Twitter?
    Sign up
fs0c131y's profile
Elliot Alderson
Elliot Alderson
Elliot Alderson
@fs0c131y

Tweets

Elliot Alderson

@fs0c131y

French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others. Not completely schizophrenic. Not related to USANetwork. DMs open.

Joined June 2015

Tweets

  • © 2018 Twitter
  • About
  • Help Center
  • Terms
  • Privacy policy
  • Cookies
  • Ads info
Dismiss
Previous
Next

Go to a person's profile

Saved searches

  • Remove
  • In this conversation
    Verified accountProtected Tweets @
Suggested users
  • Verified accountProtected Tweets @
  • Verified accountProtected Tweets @

Promote this Tweet

Block

  • Tweet with a location

    You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more

    Your lists

    Create a new list


    Under 100 characters, optional

    Privacy

    Copy link to Tweet

    Embed this Tweet

    Embed this Video

    Add this Tweet to your website by copying the code below. Learn more

    Add this video to your website by copying the code below. Learn more

    Hmm, there was a problem reaching the server.

    By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.

    Preview

    Why you're seeing this ad

    Log in to Twitter

    · Forgot password?
    Don't have an account? Sign up »

    Sign up for Twitter

    Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

    Sign up
    Have an account? Log in »

    Two-way (sending and receiving) short codes:

    Country Code For customers of
    United States 40404 (any)
    Canada 21212 (any)
    United Kingdom 86444 Vodafone, Orange, 3, O2
    Brazil 40404 Nextel, TIM
    Haiti 40404 Digicel, Voila
    Ireland 51210 Vodafone, O2
    India 53000 Bharti Airtel, Videocon, Reliance
    Indonesia 89887 AXIS, 3, Telkomsel, Indosat, XL Axiata
    Italy 4880804 Wind
    3424486444 Vodafone
    » See SMS short codes for other countries

    Confirmation

     

    Welcome home!

    This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.

    Tweets not working for you?

    Hover over the profile pic and click the Following button to unfollow any account.

    Say a lot with a little

    When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.

    Spread the word

    The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.

    Join the conversation

    Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.

    Learn the latest

    Get instant insight into what people are talking about now.

    Get more of what you love

    Follow more accounts to get instant updates about topics you care about.

    Find what's happening

    See the latest conversations about any topic instantly.

    Never miss a Moment

    Catch up instantly on the best stories happening as they unfold.

    Elliot Alderson‏ @fs0c131y May 3

    Yesterday @github, today @Twitter. What is really happening?pic.twitter.com/GF4zyBpkkt

    2:16 PM - 3 May 2018
    • 201 Retweets
    • 303 Likes
    • Kanishk Sajnani kim 👅 Jannik Sailn Rishi Dwivedi Krown0s Sathishkumar Jayaraj Manjunath H S JoeChip
    32 replies 201 retweets 303 likes
      1. Elliot Alderson‏ @fs0c131y May 3

        Elliot Alderson Retweeted Twitter Support

        The official Twitter communicationhttps://twitter.com/twittersupport/status/992132808192634881?s=21 …

        Elliot Alderson added,

        Twitter SupportVerified account @TwitterSupport
        We recently found a bug that stored passwords unmasked in an internal log. We fixed the bug and have no indication of a breach or misuse by anyone. As a precaution, consider changing your password on all services where you’ve used this password. https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html …
        4 replies 7 retweets 23 likes
        Show this thread
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. SΞbastien F4GRX‏ @f4grx May 3
        Replying to @fs0c131y @github @Twitter

        bug on rails? https://stackoverflow.com/questions/5281548/password-showing-in-production-log … (thx @skywodd )

        0 replies 1 retweet 9 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. Thanos Giannopoulos‏ @thanos_gn May 4
        Replying to @fs0c131y @github @Twitter

        That's ironic. 3rd May was Password Day.https://www.daysoftheyear.com/days/password-day/ …

        0 replies 1 retweet 2 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. Martin Sundhaug‏ @sundhaug92 May 3

        Nah. The twitter-thing was essentially def generate_reset_password(): password=[choice(string.printable) for _ in range(15)] log(password) return fancy_hash(password)

        0 replies 1 retweet 3 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. Sam‏ @BodinSamuel May 3
        Replying to @fs0c131y @gchampeau and

        GPDR check ?

        0 replies 0 retweets 3 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. Kim Next‏ @PrKimNext May 3
        Replying to @fs0c131y @jbfavre and

        Coincidence do not exist.

        0 replies 1 retweet 1 like
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. New conversation
      2. Srijan Singh‏ @srijannN May 3
        Replying to @fs0c131y @github @Twitter

        Is there any good article which can point out good ways to have great passwords and techniques to prevent from using same pass everywhere?

        1 reply 0 retweets 1 like
      3. ʲᵃᵏᵒʸᵘᵍᶦ‏ @awino_g May 3
        Replying to @srijannN @fs0c131y and

        Use a password generator to get a strong password and then use a master password so you don't have to remember all your passwords for different sites.

        2 replies 0 retweets 2 likes
      4. Srijan Singh‏ @srijannN May 4
        Replying to @awino_g @fs0c131y and

        But isn't it vulnerable to single point failure?

        3 replies 0 retweets 1 like
      5. ʲᵃᵏᵒʸᵘᵍᶦ‏ @awino_g May 4
        Replying to @srijannN @fs0c131y and

        That is correct. Personally I don't use a master password. Sth almost similar but not entirely. But I feel like that is what is being pushed around plus it's probably the most secure way.

        2 replies 0 retweets 0 likes
      6. Srijan Singh‏ @srijannN May 4
        Replying to @awino_g @fs0c131y and

        But you still you use password generator?

        1 reply 0 retweets 0 likes
      7. ʲᵃᵏᵒʸᵘᵍᶦ‏ @awino_g May 4
        Replying to @srijannN @fs0c131y and

        Yes. I just don't send over the web. When am feeling creative, I just write a simple js script to generate with all the conditions I need.

        1 reply 0 retweets 0 likes
      8. Srijan Singh‏ @srijannN May 4
        Replying to @awino_g @fs0c131y and

        gotcha. do you also store it and secure the database on your own or just remember?

        1 reply 0 retweets 0 likes
      9. ʲᵃᵏᵒʸᵘᵍᶦ‏ @awino_g May 4
        Replying to @srijannN @fs0c131y and

        I obviously store the password (too many accounts and I never use the same password whatsoever). Admittedly, it's not a database I secure by myself. I use an end-to-end encrypted email client, one that doesn't store your password anywhere so if you forget it you lose your account

        2 replies 0 retweets 0 likes
      10. 2 more replies
      1. nishant‏ @NISHANTTIWARI12 May 3
        Replying to @fs0c131y @github @Twitter

        Password.txt

        0 replies 0 retweets 2 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. S@ndeep‏ @sandeep_3D May 3
        Replying to @fs0c131y @github @Twitter

        As soon as I read your tweet, the same thing popped up! Lolz 😂pic.twitter.com/URT1ABMT6S

        0 replies 0 retweets 2 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. vaneay‏ @vaneay May 3
        Replying to @fs0c131y @github @Twitter

        #GDPR ?

        0 replies 0 retweets 2 likes
        Thanks. Twitter will use this to make your timeline better. Undo
        Undo
      1. New conversation
      2. Jan‏ @FGIjan May 3
        Replying to @fs0c131y @github @Twitter

        Their statement is a lookalike: We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter’s system. This allows our systems to validate your account

        1 reply 0 retweets 1 like
      3. Jan‏ @FGIjan May 3
        Replying to @FGIjan @fs0c131y and

        credentials without revealing your password. This is an industry standard. Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords,

        2 replies 0 retweets 0 likes
      4. Alexander Hanff‏ @alexanderhanff May 3
        Replying to @FGIjan @fs0c131y and

        How could this even happen in the first place? How do you "accidentally" write an unhashed password to a freaking log file? This isn't a bug, this is a deliberate action being whitewashed as a bug.

        1 reply 0 retweets 0 likes
      5. Jan‏ @FGIjan May 3
        Replying to @alexanderhanff @fs0c131y and

        I don't know... I wouldn't do that, as this data is toxic data

        1 reply 0 retweets 0 likes
      6. Alexander Hanff‏ @alexanderhanff May 3
        Replying to @FGIjan @fs0c131y and

        It is just ludicrous for them to claim this was a bug - I can't imagine any situation which ever warrants writing an unhashed password to a log file - the entire concept is batshit crazy.

        1 reply 0 retweets 2 likes
      7. David Matthews‏ @DaveDonMatthews May 3
        Replying to @alexanderhanff @FGIjan and

        You don't even need an unencrypted password for debugging! This is someone collecting passwords in Twitter!

        1 reply 0 retweets 0 likes
      8. Alexander Hanff‏ @alexanderhanff May 4
        Replying to @DaveDonMatthews @FGIjan and

        Exactly...

        0 replies 0 retweets 0 likes
      9. End of conversation

    Loading seems to be taking a while.

    Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

      Promoted Tweet

      false

      • © 2018 Twitter
      • About
      • Help Center
      • Terms
      • Privacy policy
      • Cookies
      • Ads info