funsec mailing list archives
Fwd: [rforno () infowarrior org: [Infowarrior] - Epic Fail: Twitter Password Security]
From: Rich Kulawiec <rsk () gsp org>
Date: Thu, 16 Jul 2009 09:32:26 -0400
----- Forwarded message from Richard Forno <rforno () infowarrior org> -----
From: Richard Forno <rforno () infowarrior org>
To: Undisclosed-recipients: <>;
Date: Thu, 16 Jul 2009 00:07:21 -0400
Subject: [Infowarrior] - Epic Fail: Twitter Password Security

Another Security Tip For Twitter: Don't Use "Password" As Your Server Password
116 Comments
by Robin Wauters on July 15, 2009

With all the chatter about the current security issues surrounding Twitter, its workforce and the cloud-based Google apps they use, a new security issue has popped up that makes it trivially easy for anyone to access the Twitter servers directly.

The problem? The password to the servers was, literally, "password."

Twitter co-founder Biz Stone, responding to our email, said "this bug allowed access to the search product interface only. No personally identifiable user information is accessible on that site."

Although no user accounts were compromised or accessible, the vulnerability speaks to a greater culture of lax security at the startup, and may be indicative of how earlier breaches possibly occurred. With that in mind, we have some friendly advice for Twitter.

For instance, it would be wise if in the future Twitter insiders do not use the password "password" for the back ends of its systems or one of its co-founder's names (Jack) as a username.

http://www.techcrunch.com/2009/07/15/another-security-tip-for-twitter-dont-use-password-as-your-passwo

See also:

July 16, 2009
Twitter Hack Raises Flags on Security
By CLAIRE CAIN MILLER and BRAD STONE
http://www.nytimes.com/2009/07/16/technology/internet/16twitter.html?_r=1&pagewanted=print

_______________________________________________
Infowarrior mailing list
Infowarrior () attrition org
https://attrition.org/mailman/listinfo/infowarrior
----- End forwarded message -----
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.