[Infowarrior] - Epic Fail: Twitter Password Security
Richard Forno
rforno at infowarrior.org
Thu Jul 16 04:07:21 UTC 2009
Another Security Tip For Twitter: Don’t Use “Password” As Your Server
Password
by Robin Wauters on July 15, 2009
With all the chatter about the current security issues surrounding
Twitter, its workforce and the cloud-based Google apps they use, a new
security issue has popped up that makes it trivially easy for anyone
to access the Twitter servers directly. The problem? The password to
the servers was, literally, “password.”
Twitter co-founder Biz Stone, responding to our email, said “this bug
allowed access to the search product interface only. No personally
identifiable user information is accessible on that site.” Although no
user accounts were compromised or accessible, the vulnerability speaks
to a greater culture of lax security at the startup, and may be
indicative of how earlier breaches possibly occurred.
With that in mind, we have some friendly advice for Twitter. For
instance, it would be wise if in the future Twitter insiders do not
use the password “password” for the back ends of its systems or one of
its co-founders’ names (Jack) as a username.
http://www.techcrunch.com/2009/07/15/another-security-tip-for-twitter-dont-use-password-as-your-passwo
See also:
July 16, 2009
Twitter Hack Raises Flags on Security
By CLAIRE CAIN MILLER and BRAD STONE
http://www.nytimes.com/2009/07/16/technology/internet/16twitter.html?_r=1&pagewanted=print