Saturday, June 26, 2010

Twitter's Password Plight(s)

"FTC Forces Twitter to Safeguard User Information" (June 24, 2010)

"Twitter on Thursday reached a settlement with the Federal Trade Commission over charges that it failed to adequately safeguard user information, which led to two high-profile hacker attacks in early 2009.

"The case is the first that the FTC has brought against a social networking site, it said.

"Under the terms of the deal, Twitter is banned for the next 20 years from misleading consumers about the extent to which it protects the security and privacy of non-public information, the FTC said. Twitter must also establish a comprehensive information security program, which will be assessed by an independent third party every other year for the next 10 years...."

Somebody's hacked into Twitter's administrative accounts more than once - it looks like the Lemming posted about the first one, back on January 6, 2010. Back to the article:

"...In the first case, which happened in January 2009, a hacker used an automated password-guessing tool to gain administrative control of Twitter. Twitter's system did not automatically lock people out after they failed to guess the correct password after several tries, so the hacker was able to submit thousands of guesses before gaining access.

" 'The administrative password was a weak, lower case, common dictionary word,' according to the FTC...."

Two (rookie?) mistakes: letting a bot try a large number of times to guess the password; and using a "common dictionary word." I looked it up: the password was "happiness." Well, it could have been worse. The admin might have chosen "password" as the password.

What impressed me was that Twitter didn't clamp down on security after that January 2009 caper.

I use Twitter myself (where I'm Aluwir), but I'm not too concerned about "privacy" of my account information - I've followed the same rule there that I do elsewhere online: I never give more information than I would put on the back of a postcard. With the exception of a few financial accounts, where I'm pretty sure the company is playing with a full bag of marbles.

Of course, I'd hate to lose my account because my password got broadcast to the world.

Bottom line, I think, is that Twitter needs to accept the fact - fast - that it's no longer a little circle of like-minded people in a San Francisco neighborhood. Twitter is a huge online community: and folks who use Twitter need to be able to trust the system.

Related posts:
A tip of the hat to TweetSmarter (formerly Twitter_Tips), on Twitter, for the heads-up on the article.
