----- Forwarded message from Richard Forno <[email protected]> -----
> From: Richard Forno <[email protected]> > To: Undisclosed-recipients: <>; > Date: Thu, 16 Jul 2009 00:07:21 -0400 > Subject: [Infowarrior] - Epic Fail: Twitter Password Security > > > Another Security Tip For Twitter: Don?t Use ?Password? As Your Server > Password > 116 Comments > by Robin Wauters on July 15, 2009 > With all the chatter about the current security issues surrounding > Twitter, its workforce and the cloud-based Google apps they use, a new > security issue has popped up that makes it trivially easy for anyone > to access the Twitter servers directly. The problem? The password to > the servers was, literally, ?password.? > > Twitter co-founder Biz Stone, responding to our email, said ?this bug > allowed access to the search product interface only. No personally > identifiable user information is accessible on that site.? Although no > user accounts were compromised or accessible, the vulnerability speaks > to a greater culture of lax security at the startup, and may be > indicative of how earlier breaches possibly occurred. > > With that in mind, we have some friendly advice for Twitter. For > instance, it would be wise if in the future Twitter insiders do not > use the password ?password? for the back ends of its systems or one of > its co-founder?s names (Jack) as a username. > > http://www.techcrunch.com/2009/07/15/another-security-tip-for-twitter-dont-use-password-as-your-passwo > > > > See also: > > July 16, 2009 > > Twitter Hack Raises Flags on Security > By CLAIRE CAIN MILLER and BRAD STONE > > http://www.nytimes.com/2009/07/16/technology/internet/16twitter.html?_r=1&pagewanted=print > _______________________________________________ > Infowarrior mailing list > [email protected] > https://attrition.org/mailman/listinfo/infowarrior ----- End forwarded message ----- _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
