By now you've probably made the connection that social media and gadgets are some of my favorite things to blog about. With social media it isn't so much that I absolutely love it and can't get enough of it, it's that I find the way it works/how people connect to be fascinating. With gadgets, I like to play with new pieces of advanced technology so I take a special interest in them. With that being said, today I'm following up on an article I wrote a couple weeks ago on how Twitter is getting a new security team.
When I first heard the news of a new Twitter security team, I immediately felt bit relieved that finally a social media site was starting to take the security of their users seriously. Unfortunately this feeling subsided a bit after hearing the news about another hack on users accounts. The occurrence happened this past week and it involved hackers breaking into Twitter users accounts with desirable handles such as "@blanket" and stealing their account from them in order to try to sell the handle to make money. There is a loophole in Twitter's password reset process allowing this brute force attack to take place. Twitter limits the log-in's by IP address only instead of by account so this allows a hacker with multiple IP address's to try multiple times to gain access to ones account. Once they steal your account they try to sell your handle to the highest bidder. After several attempts for one specific user to get help from Twitter they finally gave him his account back, data in tact.
Now, I don't expect Twitter to solve every issue that could come their way but I did expect that breaches like this would be handled better. For instance, they could employ the password reset that blocks a single account from being accessed incorrectly more than a certain amount of times instead of by IP address. While no company is perfect, since it was in the news about Twitter getting a new security team the other day I expected a bit more.
Reference:
Terdiman, D. (2012, Oct 1). Security hole exposes twitter accounts to hacking, victim claims. Retrieved from http://news.cnet.com/8301-1009_3-57522601-83/security-hole-exposes-twitter-accounts-to-hacking-victim-claims/
No comments:
Post a Comment