Michael Jay Lissnerhttps://michaeljaylissner.com/2009-10-02T20:37:12-07:00Google Resonds to the Twitter Attack2009-10-02T20:37:12-07:00Mike Lissnertag:michaeljaylissner.com,2009-10-02:posts/2009/10/02/google-responds-to-the-twitter-attack/<p>A few months ago, Twitter was hacked by means of a <a href="http://www.techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/">clever,
yet somewhat obvious approach</a>. Today, I saw the following alert on my Gmail
account, ensuring that this security vulnerability is fixed. I’m often
impressed by Gmail, but this is great to see:</p>
<blockquote>
<p>Hey, this is important: If you ever lose access to your account,
you can send password reset info to [myemailaddress@michaeljaylissner.com].
This address is correct | Update this address</p>
</blockquote>
<p>What happened in the case of Twitter was that a hacker did the following:</p>
<ul>
<li>Figured out the Gmail address of a Twitter employee</li>
<li>Went to <a href="https://www.google.com/accounts/ForgotPasswd?service=mail&fpOnly=1">Gmail’s password reminder</a>, and requested a reminder</li>
<li>This informed the hacker that an email reminder was sent to a specific
Hotmail address</li>
<li><strong>That Hotmail address had been automatically closed due to disuse</strong></li>
<li>The hacker set up that email account, since it was now available</li>
<li>The hacker then requested another password reminder, which summarily sent an
email to his new Hotmail account</li>
<li>This gave the hacker complete access to the Twitter employee’s gmail
account (and thus a lot of other stuff)</li>
</ul>
<p>The new alert that Gmail is now popping up should serve the function of
updating this, and, if done correctly, should fix this problem permanently.
Well done Gmail.</p>A Python Function to Verify Twitter Credentials2009-04-03T19:09:25-07:00Mike Lissnertag:michaeljaylissner.com,2009-04-03:posts/2009/04/03/a-python-function-to-verify-twitter-credentials/<p>Thought I’d post this for the future generations, since I had a hard time
finding a template anywhere on the web when I needed one. It’s nothing
revolutionary, but a useful snippet nonetheless. This is for one of my
projects this semester.</p>
<div class="highlight"><pre><span class="kn">import</span> <span class="nn">pycurl</span>
<span class="k">def</span> <span class="nf">verifyTwitterCredentials</span><span class="p">(</span><span class="n">username</span><span class="p">,</span> <span class="n">password</span><span class="p">):</span>
<span class="n">c</span> <span class="o">=</span> <span class="n">pycurl</span><span class="o">.</span><span class="n">Curl</span><span class="p">()</span>
<span class="n">c</span><span class="o">.</span><span class="n">setopt</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">URL</span><span class="p">,</span> <span class="s">'http://twitter.com/account/verify_credentials.xml'</span><span class="p">)</span>
<span class="n">c</span><span class="o">.</span><span class="n">setopt</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">USERPWD</span><span class="p">,</span> <span class="n">username</span> <span class="o">+</span> <span class="s">":"</span> <span class="o">+</span> <span class="n">password</span><span class="p">)</span>
<span class="n">twitterfeed</span> <span class="o">=</span> <span class="n">c</span><span class="o">.</span><span class="n">perform</span><span class="p">()</span>
<span class="n">status</span> <span class="o">=</span> <span class="n">c</span><span class="o">.</span><span class="n">getinfo</span><span class="p">(</span><span class="n">c</span><span class="o">.</span><span class="n">HTTP_CODE</span><span class="p">)</span>
<span class="k">if</span> <span class="nb">str</span><span class="p">(</span><span class="n">status</span><span class="p">)</span> <span class="o">==</span> <span class="s">'200'</span><span class="p">:</span>
<span class="n">verified</span> <span class="o">=</span> <span class="bp">True</span>
<span class="k">else</span><span class="p">:</span>
<span class="n">verified</span> <span class="o">=</span> <span class="bp">False</span>
<span class="n">c</span><span class="o">.</span><span class="n">close</span><span class="p">()</span>
<span class="k">return</span> <span class="n">verified</span>
</pre></div>Privatizing the Twitter API Feed2009-03-20T12:34:31-07:00Mike Lissnertag:michaeljaylissner.com,2009-03-20:posts/2009/03/20/privitizing-twitter-api-feed/<p><span class="caps">UPDATE</span>: Check the comments for a version with caching.</p>
<p>A friend of mine recently had a rather unfortunate event involving her twitter
public timeline, so I thought the time had come to make mine private, more or less.</p>
<p>As a result, I needed to update the code that pulls my most recent Twitter
posts into the left hand column so that it would authenticate using the
Twitter <span class="caps">API</span>. Here’s the new code - it ain’t pretty, but it works:</p>
<div class="highlight"><pre><span class="cp"><?php</span>
<span class="c1">// Your twitter username & password.</span>
<span class="nv">$username</span> <span class="o">=</span> <span class="s2">"YOUR_USERNAME"</span><span class="p">;</span>
<span class="nv">$password</span> <span class="o">=</span> <span class="s2">"YOUR_TWITTER_PASSWORD"</span><span class="p">;</span>
<span class="c1">//Concatenate the username and password</span>
<span class="nv">$userpass</span> <span class="o">=</span> <span class="nv">$username</span> <span class="o">.</span> <span class="s2">":"</span> <span class="o">.</span> <span class="nv">$password</span><span class="p">;</span>
<span class="c1">//Make up the feed URL</span>
<span class="nv">$feed</span> <span class="o">=</span> <span class="s2">"http://twitter.com/statuses/user_timeline.atom?count=1"</span><span class="p">;</span>
<span class="c1">//A function to parse the atom feed and pull out the useful info.</span>
<span class="k">function</span> <span class="nf">parse_feed</span><span class="p">(</span><span class="nv">$feed</span><span class="p">,</span> <span class="nv">$username</span><span class="p">)</span> <span class="p">{</span>
<span class="nv">$stepOne</span> <span class="o">=</span> <span class="nb">explode</span><span class="p">(</span><span class="s2">"<content type=</span><span class="se">\"</span><span class="s2">html</span><span class="se">\"</span><span class="s2">>"</span><span class="p">,</span> <span class="nv">$feed</span><span class="p">);</span>
<span class="nv">$stepTwo</span> <span class="o">=</span> <span class="nb">explode</span><span class="p">(</span><span class="s2">"</content>"</span><span class="p">,</span> <span class="nv">$stepOne</span><span class="p">[</span><span class="mi">1</span><span class="p">]);</span>
<span class="nv">$tweet</span> <span class="o">=</span> <span class="nv">$stepTwo</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span>
<span class="nv">$tweet</span> <span class="o">=</span> <span class="nb">str_replace</span><span class="p">(</span><span class="s2">"&lt;"</span><span class="p">,</span> <span class="s2">"<"</span><span class="p">,</span> <span class="nv">$tweet</span><span class="p">);</span>
<span class="nv">$tweet</span> <span class="o">=</span> <span class="nb">str_replace</span><span class="p">(</span><span class="s2">"&gt;"</span><span class="p">,</span> <span class="s2">">"</span><span class="p">,</span> <span class="nv">$tweet</span><span class="p">);</span>
<span class="nv">$tweet</span> <span class="o">=</span> <span class="nb">str_replace</span><span class="p">(</span><span class="nv">$username</span> <span class="o">.</span> <span class="s2">":"</span><span class="p">,</span> <span class="s2">""</span><span class="p">,</span> <span class="nv">$tweet</span><span class="p">);</span>
<span class="k">return</span> <span class="nv">$tweet</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1">//Create a curl object, give it the feed and authentication</span>
<span class="nv">$curl_handle</span><span class="o">=</span><span class="nb">curl_init</span><span class="p">();</span>
<span class="nb">curl_setopt</span><span class="p">(</span><span class="nv">$curl_handle</span><span class="p">,</span><span class="nx">CURLOPT_URL</span><span class="p">,</span> <span class="nv">$feed</span><span class="p">);</span>
<span class="nb">curl_setopt</span><span class="p">(</span><span class="nv">$curl_handle</span><span class="p">,</span><span class="nx">CURLOPT_USERPWD</span><span class="p">,</span> <span class="nv">$userpass</span><span class="p">);</span>
<span class="c1">//Return the result, don't print it.</span>
<span class="nb">curl_setopt</span><span class="p">(</span><span class="nv">$curl_handle</span><span class="p">,</span><span class="nx">CURLOPT_RETURNTRANSFER</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span>
<span class="c1">//Make the connection, set the variable, close the connection.</span>
<span class="nv">$twitterFeed</span> <span class="o">=</span> <span class="nb">curl_exec</span><span class="p">(</span><span class="nv">$curl_handle</span><span class="p">);</span>
<span class="nb">curl_close</span><span class="p">(</span><span class="nv">$curl_handle</span><span class="p">);</span>
<span class="c1">//Echo the parsed feed. Done.</span>
<span class="k">echo</span> <span class="nx">parse_feed</span><span class="p">(</span><span class="nv">$twitterFeed</span><span class="p">,</span> <span class="nv">$username</span><span class="p">);</span>
<span class="cp">?></span><span class="x"></span>
</pre></div>
<p>One dependency is the php-curl library, and after you install that, apache2
will want a restart. </p>Twitter (and Facebook) Integrated2009-01-25T13:03:03-08:00Mike Lissnertag:michaeljaylissner.com,2009-01-25:posts/2009/01/25/twitter-and-facebook-integrated/<p>I upgraded the site a bit today by adding my Twitter/Facebook feed to left-hand sidebar. To a <a href="http://spookyismy.name/resources/latest-twitter-update-with-phprss-_-part-one">teenager in Colorado</a> I am indebted for this script. Jeez, they just get younger and younger. </p>
<p>Let me know if you catch any bugginess. </p>