funsec mailing list archives

Fwd: [rforno () infowarrior org: [Infowarrior] - Epic Fail: Twitter Password Security]


From: Rich Kulawiec <rsk () gsp org>
Date: Thu, 16 Jul 2009 09:32:26 -0400

----- Forwarded message from Richard Forno <rforno () infowarrior org> -----

From: Richard Forno <rforno () infowarrior org>
To: Undisclosed-recipients:  <>;
Date: Thu, 16 Jul 2009 00:07:21 -0400
Subject: [Infowarrior] - Epic Fail: Twitter Password Security


Another Security Tip For Twitter: Don't Use "Password" As Your Server Password
by Robin Wauters on July 15, 2009
With all the chatter about the current security issues surrounding  
Twitter, its workforce and the cloud-based Google apps they use, a new  
security issue has popped up that makes it trivially easy for anyone  
to access the Twitter servers directly. The problem? The password to  
the servers was, literally, "password."

Twitter co-founder Biz Stone, responding to our email, said "this bug  
allowed access to the search product interface only. No personally  
identifiable user information is accessible on that site." Although no  
user accounts were compromised or accessible, the vulnerability speaks  
to a greater culture of lax security at the startup, and may be  
indicative of how earlier breaches possibly occurred.

With that in mind, we have some friendly advice for Twitter. For  
instance, it would be wise if in the future Twitter insiders do not  
use the password "password" for the back ends of its systems or one of  
its co-founder's names (Jack) as a username.

http://www.techcrunch.com/2009/07/15/another-security-tip-for-twitter-dont-use-password-as-your-passwo



See also:

July 16, 2009

Twitter Hack Raises Flags on Security
By CLAIRE CAIN MILLER and BRAD STONE

http://www.nytimes.com/2009/07/16/technology/internet/16twitter.html?_r=1&pagewanted=print
_______________________________________________
Infowarrior mailing list
Infowarrior () attrition org
https://attrition.org/mailman/listinfo/infowarrior

----- End forwarded message -----
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
