Dark Reading is part of the Informa Tech Division of Informa PLC


Risk

1/6/2009 06:16 PM
George V. Hulme
Commentary

The Twitter Hack: One Thing You Need To Do

As many of you know, the week has been off to a bad start for the Twitter microblogging site. While there's no absolute way to protect yourself when a vendor's security system fails, there is one crucial step you can take to limit your exposure.

In case you're not familiar with what happened, Tom Claburn covered the news here. Essentially, Twitter (well known for its capacity meltdowns) finally suffered a significant security meltdown when its support software was supposedly hacked, and a number of "celebrity" accounts, such as those belonging to Britney Spears, CNN's Rick Sanchez, and President-elect Barack Obama, were all hijacked. Plus, there was a significant phishing campaign under way as well -- but savvy users know to avoid phishing scams.

Twitter's own systems getting hacked is what makes this much more serious: no amount of user-side care protects an account when the provider's support tooling can be used to take it over. This kind of hack could happen to any online service provider. Of that, I have zero doubt. But it's more likely to happen to newer vendors with much less mature systems and processes in place. Think Twitter, all of the Twitter-based third-party services (P.S.: never give your user name and password to any of those), as well as all of the new social-network sites that seem to be cropping up every day. Any one of these is a prime candidate for getting hacked because of technical or procedural immaturity.

What can you do to protect yourself? Use a different password for each site, so that one provider's breach exposes exactly one of your accounts. Now that may not sound feasible -- and it's probably not. Not without a little help. To manage nearly one hundred passwords, I use 1Password on all of my Mac OS X systems, and I use RoboForm on all of my Windows systems.

These apps make it possible for you to easily manage multiple passwords for all of your Web site logons, as well as automate the filling of registration forms. They'll both also automatically generate strong passwords for you to use.

Which gets us to the One Thing You Need To Do regarding the Twitter hack. Use a different password for e-mail than you do for these social network sites. Having your Twitter account hacked is one thing -- but if that Twitter password is the same as your e-mail password, you're hosed. Your mailbox is the password-reset channel for nearly every other account you own, so whoever controls it can reset the rest at will, and a reused e-mail password turns a single social-network breach into a takeover of everything.
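The two checks the last few paragraphs ask for (is any password reused, and is the e-mail password in particular shared with another site?) are easy to automate against an exported credential list. The script below is an added example, not code from the article, 1Password or RoboForm; it runs over a constructed sample vault (no real accounts or credentials) and assumes the caller marks which entries are mailbox accounts. It flags reuse groups, singles out accounts sharing the e-mail password, and proposes a fresh random password for every account in a reuse group, rotating the mailbox first.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample vault for illustration only: these are not real accounts
# or credentials. Each entry is (label, username, password).
SAMPLE_VAULT = [
    ("gmail (e-mail)", "alice@example.com", "Summer2008!"),
    ("twitter", "alice", "Summer2008!"),
    ("twitter-stats-app", "alice", "Summer2008!"),
    ("bank", "alice", "kX9#vQ2$mL7@pR4w"),
    ("forum", "alice", "letmein"),
    ("photo-site", "alice", "letmein"),
]

# Assumption: the caller tags which vault labels are mailbox accounts.
EMAIL_LABELS = {"gmail (e-mail)"}

SYMBOLS = "!@#$%^&*-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def find_reuse(vault):
    """Group accounts by password; return every group of 2+ accounts that share one."""
    by_password = defaultdict(list)
    for label, _username, password in vault:
        by_password[password].append(label)
    return [sorted(labels) for labels in by_password.values() if len(labels) > 1]


def email_password_shared_with(vault, email_labels=EMAIL_LABELS):
    """Return the non-mail accounts whose password equals a mailbox password.

    This is the article's 'one thing': the mailbox is the reset channel for
    every other account, so any hit here is the worst kind of reuse.
    """
    email_passwords = {pw for label, _u, pw in vault if label in email_labels}
    return sorted(label for label, _u, pw in vault
                  if label not in email_labels and pw in email_passwords)


def generate_password(length=20):
    """Build a random password from a CSPRNG (secrets), rejection-sampling until
    it contains a lowercase letter, an uppercase letter, a digit and a symbol."""
    if length < 4:
        raise ValueError("length must be at least 4 to hold every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def rotation_plan(vault, email_labels=EMAIL_LABELS):
    """Propose a fresh, unique password for every account in a reuse group.

    Returns an insertion-ordered dict {label: new_password} with mailbox
    accounts first, since that password is the one to change before any other.
    """
    to_rotate = {label for group in find_reuse(vault) for label in group}
    plan = {}
    for label in sorted(to_rotate, key=lambda lbl: (lbl not in email_labels, lbl)):
        plan[label] = generate_password()
    return plan


def apply_plan(vault, plan):
    """Return a copy of the vault with the planned passwords substituted in."""
    return [(label, user, plan.get(label, pw)) for label, user, pw in vault]


if __name__ == "__main__":
    for group in find_reuse(SAMPLE_VAULT):
        print("shared password:", ", ".join(group))
    print("sites using the e-mail password:", email_password_shared_with(SAMPLE_VAULT))
    plan = rotation_plan(SAMPLE_VAULT)
    fixed = apply_plan(SAMPLE_VAULT, plan)
    print("rotate in this order:", list(plan))
    print("reuse after rotation:", find_reuse(fixed))
```

Run it as-is to see the sample vault audited; to audit a real export, replace SAMPLE_VAULT with the exported entries and EMAIL_LABELS with your mailbox labels. The audit compares plaintext only because an exported vault is plaintext anyway; delete the export once the rotation is done.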
