PaulDotCom mailing list archives

Couldn't get much easier...big mistake.


From: dagershman_dgt at dagertech.net (David A. Gershman)
Date: Thu, 11 Mar 2010 20:43:02 -0800 (PST)


I regret very much sending the earlier email about the 'cs420' account
on Twitter.  I made the mistake of thinking members of this list are all
honest security workers wanting to make cyberspace safer.

After reading the replies to my email, I re-checked the account and
found someone did in fact log in, post two "invalid" tweets, change the
avatar to something inappropriate, and change the password.

I'd like to think this happened as a result of this mailing list being
indexed, and perhaps someone *off* the list found the information and
harmed the account.  However, the dates on the tweets are the same day
as my original email.  I have a difficult time believing any index
engine could work that fast allowing the email to be seen by an
ill-purposed individual in less than 7 hours.  Yes, it's possible, just
hard to believe.

For the rest of you, those who do want to make things better and safer,
learn from my mistake as I have.  Unless you know every person you're
communicating information to, and trust them, you must maintain caution
with that which you communicate.

In retrospect, if I did want to point out the flaw in tweeting a
username/password, it should have been without giving the account name
and only after informing the owner and/or Twitter admins.

--David

