Twitter Hack Opens Pandora's Box of Security Issues
A hack into Twitter's back-end productivity applications earlier this month is raising some serious questions -- not only about password system security itself, but also about some consequences of network intrusion that may have been unforeseen.
About a month ago, a hacker was able to access a Twitter employee's personal email account, according to a blog post by Twitter cofounder Biz Stone. Once there, the hacker struck the mother lode: access to the employee's Google Apps account, which contained Docs, Calendars and other Google Apps that Twitter uses for sharing notes, spreadsheets, ideas, financial details and so on.
The hacker then went on to peddle this information to various news outlets and other blogs, and some of the purloined content was eventually posted. TechCrunch actually gave its readers a heads up that it had received the stolen information. None of it was embarrassing, but much of it was very interesting, said TechCrunch founder Michael Arrington. That was followed by a bombardment of reader comments debating the pros and cons of publishing any of the material.
Yeah, that was interesting. What I found even more interesting was a publication like TechCrunch publishing stolen information obtained by a hacker. Hope they got their legal folks handy for that one, if Twitter wants to take it down that path.
There is also the point of view that without publicity, some sites are quite likely to keep it all quiet and keep whistling in the dark. The publication may be somewhat sensationalistic, but publication is only taken seriously when the bona fides are proven. Otherwise, they are just rumor and speculation.
Far too many web 2.0 type sites do not seem to have the technical wherewithal to incorporate security into their apps. And even if they do, they seem to fail miserably at understanding the ramifications.
Facebook has just been found to violate 4 provisions of the privacy legislation in Canada by the Privacy Commissioner.
One of those was the fact that any external developer using the public Facebook API has access to personally identifiable information of the user. WTF?
The new breed just doesn't *get* security. So, if it takes an outing in public, then that's what it takes. If it takes the VCs yelling at them to fix it, too bad, so sad.
So I am to assume that you think if your computer were hacked and all your personal emails and data stolen that you think it would be OK for TechCrunch to publish them on the web for all the world to read because you deserve it for not having the proper security?
It is one thing to make public the fact they were hacked.
It is another to publish private and confidential company internal transmissions and documents that were stolen.
TechCrunch is probably one of the most unprofessional "mainstream" technology blogs out there.
While they post about some interesting and different things, I think it's mainly an ego trip for their main editor.
What I personally found great is that TechCrunch has no problem leaking stuff about another company or product (e.g. Twitter here) but when people leak stuff on their unreleased CrunchPad product (essentially an internet browsing tablet), they "unleash the dogs". Bunch of hypocrites.