Risk

6/2/2009
11:21 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Tweet Your Vacation Status. Get Burglarized?

Any of us who regularly use the micro blogging site Twitter do it all of the time: we broadcast our whereabouts in real time. It's kind of the point of the entire Twitter experience. Yet, this video podcaster believes he may have been robbed because of his Tweeting his vacation status.

Any of us who regularly use the micro blogging site Twitter do it all of the time: we broadcast our whereabouts in real time. It's kind of the point of the entire Twitter experience. Yet, this video podcaster believes he may have been robbed because of his Tweeting his vacation status.Israel Hyman, known as @izzyvideo on Twitter, came home with his family from a vacation in the midwest to find the house had been burglarized. Hyman believes the trouble started as a result of a Tweet that stated he and his family were away from home, and on vacation.

It's possible one of Israel's followers targeted him as a result of the Tweet. Then again, all Tweets (unless you lock your account) are publicly searchable. It is also conceivable thieves were searching Twitter, using Twitter search, seeking people who were traveling, and would be away from home for a number of days. Unless the thieves are caught, we'll probably never know.

Interesting thing is, it's almost impossible to use Twitter without revealing information that could make one vulnerable to attack, or at least a target. Many regular users of Twitter will reveal their commute times, property they have in their home, their location, real name, when they're at conferences, and even when they've arrived at the airport.

Will this change the way people use Twitter? Perhaps so, if these types of events become commonplace.

Then again, it's quite possible the entire episode is an unfortunate coincidence for Israel. Correlation, after all, doesn't always reveal causation.

If you'd like my technology and security observations throughout the day, please follow me on Twitter. (But feel free not to show up at my home, while I'm away).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.