Twitter

Google Responds to the Twitter Attack

A few months ago, Twitter was hacked by means of a clever, yet somewhat obvious approach. Today, I saw the following alert on my Gmail account, ensuring that this security vulnerability is fixed. I'm often impressed by Gmail, but this is great to see:

Hey, this is important: If you ever lose access to your account, you can send password reset info to [myemailaddress@michaeljaylissner.com]. This address is correct | Update this address

What happened in the case of Twitter was that a hacker did the following:

  • Figured out the Gmail address of a Twitter employee
  • Went to Gmail's password reminder, and requested a reminder
  • This informed him that an email reminder was sent to a specific Hotmail address
  • That Hotmail address had been automatically closed due to disuse
  • He set up that email account, since it was now available
  • He then requested another password reminder, which summarily sent an email to his new Hotmail account
  • This gave him complete access to the Twitter employee's Gmail account (and thus a lot of other stuff)

The new alert that Gmail is now showing should prompt people to keep this recovery address up to date, and, if done correctly, should fix this problem permanently. Well done, Gmail.
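The attack above depended on two things: the reset page named the recovery mailbox, and the reset was sent to an address nobody had confirmed in years. The following sketch is an added example, not Gmail's code or anything from the original post, showing how a service could gate resets on a recent confirmation and mask the hint; the `Account` fields, the 180-day window and the sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy value (not from the post): how long a confirmation stays valid.
RECONFIRM_AFTER = timedelta(days=180)

@dataclass
class Account:
    login: str
    recovery_email: Optional[str]
    # Last time the owner clicked "This address is correct" (None = never).
    recovery_confirmed_at: Optional[datetime]

def recovery_is_fresh(acct: Account, now: datetime) -> bool:
    """True only if the owner confirmed the recovery address recently."""
    if not acct.recovery_email or acct.recovery_confirmed_at is None:
        return False
    return now - acct.recovery_confirmed_at <= RECONFIRM_AFTER

def needs_confirm_banner(acct: Account, now: datetime) -> bool:
    """Whether to show the 'correct | update this address' alert at login."""
    return not recovery_is_fresh(acct, now)

def mask(addr: str) -> str:
    """Hint for the reset page that does not name the mailbox or provider."""
    local, _, domain = addr.partition("@")
    return local[:1] + "***@" + domain[:1] + "***"

def handle_reset_request(acct: Account, now: datetime):
    """Return (send_to, message); a stale address never receives a reset link."""
    if recovery_is_fresh(acct, now):
        return acct.recovery_email, "Reset link sent to " + mask(acct.recovery_email)
    return None, "Recovery address not recently confirmed; use another check."

# Constructed sample data: one long-unconfirmed address, one recently confirmed.
NOW = datetime(2009, 12, 1)
STALE = Account("employee@example.com", "old.name@example.net", datetime(2006, 1, 1))
FRESH = Account("author@example.com", "backup@example.org", datetime(2009, 11, 1))
```

With this policy the abandoned mailbox in the story would have triggered the confirmation banner for the real owner and would not have received the second reset email.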

A Python Function to Verify Twitter Credentials

Thought I'd post this for the future generations, since I had a hard time finding a template anywhere on the web when I needed one. It's nothing revolutionary, but a useful snippet nonetheless. This is for one of my projects this semester.

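import pycurl


def verifyTwitterCredentials(username, password):
    """Return True if Twitter accepts the username/password pair."""
    c = pycurl.Curl()
    # Note: Basic auth over plain http sends the credentials unencrypted.
    c.setopt(c.URL, 'http://twitter.com/account/verify_credentials.xml')
    c.setopt(c.USERPWD, username + ":" + password)
    # Discard the response body; by default pycurl writes it to stdout.
    c.setopt(c.WRITEFUNCTION, lambda data: None)
    c.perform()

    # A 200 response means the credentials were accepted.
    status = c.getinfo(c.HTTP_CODE)
    verified = (status == 200)

    c.close()

    return verified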

Privatizing the Twitter API Feed


UPDATE: Check the comments for a version with caching.

A friend of mine recently had a rather unfortunate event involving her twitter public timeline, so I thought the time had come to make mine private, more or less.

As a result, I needed to update the code that pulls my most recent Twitter posts into the left hand column so that it would authenticate using the Twitter API. Here's the new code - it ain't pretty, but it works:

<?php
 
// Your twitter username & password.
$username = "YOUR_USERNAME";
$password = "YOUR_TWITTER_PASSWORD";
 
//Concatenate the username and password
$userpass = $username . ":" . $password;
 
//Make up the feed URL
$feed = "http://twitter.com/statuses/user_timeline.atom?count=1";
 
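//A function to parse the atom feed and pull out the useful info.
function parse_feed($feed, $username) {
  //curl_exec() returns false on failure, and a failed login has no entry to parse.
  if (!is_string($feed) || strpos($feed, "<content type=\"html\">") === false) {
    return "";
  }
  $stepOne = explode("<content type=\"html\">", $feed);
  $stepTwo = explode("</content>", $stepOne[1]);

  //Undo the feed's escaping and strip the "username:" prefix.
  $tweet = $stepTwo[0];
  $tweet = str_replace("&lt;", "<", $tweet);
  $tweet = str_replace("&gt;", ">", $tweet);
  $tweet = str_replace($username . ":", "", $tweet);
  return $tweet;
}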
 
//Create a curl object, give it the feed and authentication
$curl_handle=curl_init();
curl_setopt($curl_handle,CURLOPT_URL, $feed);
curl_setopt($curl_handle,CURLOPT_USERPWD, $userpass);
 
//Return the result, don't print it.
curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER, 1); 
 
//Make the connection, set the variable, close the connection.
$twitterFeed = curl_exec($curl_handle);
curl_close($curl_handle);
 
//Echo the parsed feed. Done.
echo parse_feed($twitterFeed, $username);
 
?>

One dependency is the php-curl library, and after you install that, apache2 will want a restart.

Twitter (and Facebook) Integrated


I upgraded the site a bit today by adding my Twitter/Facebook feed to the left-hand sidebar. To a teenager in Colorado I am indebted for this script. Jeez, they just get younger and younger.

Let me know if you catch any bugginess.
