Recent Twitter Hack Reveals Humans Are Still Security's Weakest Link
According to a post on Twitter's official company blog on Wednesday, the data of several of the microblogging site's employees was hacked back in May. Although the site itself was not compromised (user accounts are fine), the e-mail and other personal accounts of employee Jason Goldman were exploited. According to TechCrunch, a hacker, who goes by the handle Hacker Croll, gained access to Goldman's personal Yahoo! e-mail account, and from there broke into his Google Apps account at Twitter. Croll also managed to gain access to the company accounts of other employees, including Twitter co-founder Evan Williams. The cyber criminal pillaged these Google Apps accounts, collecting sensitive e-mails, calendar details, documents, and meeting notes. Some of the documents found their way to TechCrunch, which posted those the site deemed newsworthy (without Twitter's consent, but with its approval). Twitter is, of course, not happy about this -- the documents contained financial forecasts, plans on monetizing the popular service, and even pitches for Twitter-themed reality shows.
First, the breach underscores the necessity of basic security. The hacker didn't use a backdoor or exploit a hole in Google or Yahoo!'s Web-based software. Instead, from the info provided by Twitter, it appears that Croll was able to access the accounts by guessing or resetting the passwords. Seriously.
Twitter relies heavily on cloud-based apps (Web-centric programs such as Google Docs or Web-based e-mail), and these services are becoming increasingly interconnected. Even social Web apps are beginning to share data: Facebook Connect and Google Friend Connect, for example, let you log in to multiple sites with a simple Facebook or Google account, raising the vulnerability of your entire online identity.
The latest Twitter breach is a reminder that the time Google and Microsoft spend plugging product holes and gaps isn't all that effective when users may actually be the weakest link in the chain. While good security may start with picking a strong password, it doesn't end there. These sites offer a quick and easy way to recover or reset your password, usually involving a "secret" question. Sadly, that question is usually something like, "What is your pet's name?" or, "Where did you go to high school?" -- information that could easily be obtained by visiting your Facebook profile.
Therefore, even the Web-savvy aren't immune to bad browsing and security habits. Take some of our advice for building a stronger password and avoid suffering the same fate as the Twitter pros. Though, we're sure TechCrunch would be much less interested in your private e-mails, unless, of course, you happen to be Eric Schmidt. [From: CNET, Reuters, TechCrunch, and Twitter]
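
As an added example (not from the article or from any of the services it names), the sketch below shows a check a site could run when a user sets a "secret" answer: it rejects answers that are short or that already appear on the user's public profile, the weakness described above. The profile fields, the length threshold and all function names are assumptions made for illustration.

```python
import re
import unicodedata

MIN_ANSWER_LEN = 8  # assumed policy threshold, not taken from the article


def normalize(text):
    """Fold case, accents and punctuation so "St. Mary's" equals "st marys"."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = re.sub(r"[^a-z0-9 ]", "", text.lower())
    return " ".join(text.split())


def public_values(profile):
    """Every normalized field value, plus each word of 3+ characters in it."""
    values = set()
    for field in profile.values():
        items = field if isinstance(field, (list, tuple)) else [field]
        for item in items:
            norm = normalize(str(item))
            if norm:
                values.add(norm)
                values.update(w for w in norm.split() if len(w) >= 3)
    return values


def audit_recovery_answer(answer, profile):
    """Return the reasons an answer is unsafe; an empty list means accept."""
    reasons = []
    norm = normalize(answer)
    if len(norm) < MIN_ANSWER_LEN:
        reasons.append("too_short")
    exposed = public_values(profile)
    if norm in exposed or any(w in exposed for w in norm.split() if len(w) >= 3):
        reasons.append("matches_public_profile")
    return reasons


# Constructed sample profile, standing in for what a social-network page shows.
SAMPLE_PROFILE = {
    "name": "Alex Example",
    "pets": ["Biscuit"],
    "education": "Lincoln High School, class of 1998",
    "hometown": "Springfield",
}
```

A site would call `audit_recovery_answer` at enrollment and refuse any answer that returns a non-empty list, steering the user toward an answer that cannot be looked up.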



Reader Comments
__smooth__ said 2:13PM on 7-23-2009
The stupidity of all this doesn't rely on human USERS so much as it does on human developers when they make you choose a pre-written question instead of letting us write up a hard-to-answer conundrum.
garciashinypearl said 1:41AM on 9-02-2009
Hacking can expose important details that probably must remain one person's private matter. As in the article, we should avoid suffering it by avoiding answering a secret question which can easily be obtained when you open your account, as the article shows. We should be safe or aware in this kind of computer problem.
anirhtakmae said 3:12AM on 7-28-2009
Registering on or joining websites on the computer nowadays, like Facebook, Friendster etc., is not safe or advisable, especially when you put in all the information about yourself, because a hacker may use your identity to open your documents, email or accounts. Although the hacker violated the Commandments of Computer Ethics, and yes, it is a crime, it is still our responsibility to secure our privacy, because computers, or rather social websites, were created for all users, so they are open to everyone. We must be aware of our surroundings because no one else can be trusted but yourself...
blazermax_33 said 3:51AM on 7-28-2009
Hacking is almost happening in our country and even in other countries, and sometimes we don't know how to avoid it. It is also considered one of the computer abuses, and almost all of them violate our ten commandments of computer ethics, specifically the 2nd and 7th commandments. To avoid this, we must be careful with our own property (account); make sure that you log out of your account before closing it; you must be able to know if the people around you are looking at what you type for your password, specifically when you don't know them; and lastly, make your password a hard/difficult word.
rhomain12 said 3:58AM on 7-28-2009
All I can say is beware of hackers, because based on the article the hacker violated the ten commandments, most especially the 3rd, 4th and 7th. The hacker was stealing the accounts of the Twitters and snooping in the files. So what can we do? Change your password to one that is hard to guess. And be a good hacker to avoid the ten commandments.
Cadiz_j_100 said 5:08AM on 7-28-2009
Good security may start with picking a strong password, but it doesn't give much because information could easily be obtained through Friendster and other accounts. So be careful with hackers because it might make your life terrible.
espejo_km_100 said 5:09AM on 7-28-2009
Registering on or joining websites like Facebook, Friendster etc. nowadays is neither safe nor advisable, because all information about yourself can be researched in public, which makes it easier for hackers to open your emails, documents or accounts, and that can cause you a big problem with your privacy. The hacker committed crimes that are against the commandments of Computer Ethics, but it is still our responsibility to secure our own identity or privacy. We can't blame the users for hacking such things as emails, because computers, or rather websites, were made for all users, so no one else can be trusted but yourself.