emptyage's comments

The three companies were Twitter, Tumblr and Pinterest: http://www.wired.com/threatlevel/?p=54338


So what kind of integration did Twitter, Tumblr and Pinterest have with Zendesk? How much at risk are the users with their passwords?


No password data was stored there - so zero. No passwords, password hashes or encrypted passwords were lost.


But there's a greater than 0% chance that Zendesk had an API token for at least one of those services. That could easily allow a hacker to make authenticated requests to those services to gain user info. The fact that usernames and passwords weren't stored on Zendesk doesn't mean much, if a hacker can gain full admin access to those other services through an admin token that might have been stored on Zendesk.


I seriously doubt any company (especially the three listed) would give Zendesk admin access to their service. Why would such a thing be necessary, anyway?


I think he meant it the other way around. Having their API token would allow the attacker to have access to all of Twitter/Tumblr/Pinterest's information that's accessible via the Zendesk API.


Hi, I'm Mat Honan (the guy who was hacked). I've been in touch with the person who hacked my account. He says it wasn't brute force, or guessed. I'll publish more when I know more.

To be clear, the password was unique. I use 1Password as a password manager and even double-checked to make sure that I wasn't using it anywhere else.


Have you considered (temporarily) disabling comments on your blog? Many of them are quite hostile, and might as well be deleted.


They're rabid. But I think it's kind of an interesting side note at this point.


What have you done to elicit so much hate (from the hacker and the commenters)?


I genuinely don't know. The hacker said it wasn't personal. My guess is that I was a waypoint to get to Gizmodo.


The commenters are most likely Gizmodo readers who dislike his articles.


We tried to make this fun. Some of the hidden features that I think are pretty cool include the way you can bypass the nagwall with the Konami code, and, of course, the nagwhal: http://two.longshotmag.com/404


I poked around, but couldn't find any articles behind the nagwall. Any chance you could let us know where we can see it working?

Great concept, by the way.


The nagwall isn't in every story, but it is on many. Here's one: http://two.longshotmag.com/story/money-tank

