Risk

6/2/2009
11:21 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Tweet Your Vacation Status. Get Burglarized?

Any of us who regularly use the micro blogging site Twitter do it all of the time: we broadcast our whereabouts in real time. It's kind of the point of the entire Twitter experience. Yet, this video podcaster believes he may have been robbed because of his Tweeting his vacation status.

Any of us who regularly use the micro blogging site Twitter do it all of the time: we broadcast our whereabouts in real time. It's kind of the point of the entire Twitter experience. Yet, this video podcaster believes he may have been robbed because of his Tweeting his vacation status.Israel Hyman, known as @izzyvideo on Twitter, came home with his family from a vacation in the midwest to find the house had been burglarized. Hyman believes the trouble started as a result of a Tweet that stated he and his family were away from home, and on vacation.

It's possible one of Israel's followers targeted him as a result of the Tweet. Then again, all Tweets (unless you lock your account) are publicly searchable. It is also conceivable thieves were searching Twitter, using Twitter search, seeking people who were traveling, and would be away from home for a number of days. Unless the thieves are caught, we'll probably never know.

Interesting thing is, it's almost impossible to use Twitter without revealing information that could make one vulnerable to attack, or at least a target. Many regular users of Twitter will reveal their commute times, property they have in their home, their location, real name, when they're at conferences, and even when they've arrived at the airport.

Will this change the way people use Twitter? Perhaps so, if these types of events become commonplace.

Then again, it's quite possible the entire episode is an unfortunate coincidence for Israel. Correlation, after all, doesn't always reveal causation.

If you'd like my technology and security observations throughout the day, please follow me on Twitter. (But feel free not to show up at my home, while I'm away).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10617
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application t...
CVE-2018-10621
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application ...
CVE-2018-10623
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote co...
CVE-2015-4664
PUBLISHED: 2018-06-18
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
CVE-2018-9021
PUBLISHED: 2018-06-18
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.