Filed under: Internet, Security, web 2.0
Massive Twitter breach underscores the problem with "secret questions"
Twitter's Evan Williams certainly isn't the first famous person to have a "secret question" figured out by a hacker, but I'm always surprised when someone in IT circles falls victim to such an elementary attack.
It's not news that secret questions are a terribly bad idea for enabling password resets or protecting account information. For a question to work, the answer truly needs to be a secret. In the case of celebrities, finding an answer can be as simple as digging around their Facebook profile or fan pages.
The end result of this particular breach: hundreds of documents in a zip file, which the hacker is happily passing around to various blogs (like TechCrunch, Mashable, and this one where screenshots have been posted already). The zip contains everything from plans for a new office and applications for high-level positions to the original pitch for the Twitter TV show (which I can't wait to not watch should it ever happen).
Though ultimately, the information is contained in the documents isn't the worst of it. More alarmingly, the hacker was also able to gain access to Twitter's domain registrar and the associated Gmail account. It would have been an easy step to alter the DNS servers and plunge the Twitterverse into chaos.
Clearly, people really need to start paying attention to things like this MIT report and the advice of their security-savvy friends.
It's not news that secret questions are a terribly bad idea for enabling password resets or protecting account information. For a question to work, the answer truly needs to be a secret. In the case of celebrities, finding an answer can be as simple as digging around their Facebook profile or fan pages.
The end result of this particular breach: hundreds of documents in a zip file, which the hacker is happily passing around to various blogs (like TechCrunch, Mashable, and this one where screenshots have been posted already). The zip contains everything from plans for a new office and applications for high-level positions to the original pitch for the Twitter TV show (which I can't wait to not watch should it ever happen).
Though ultimately, the information is contained in the documents isn't the worst of it. More alarmingly, the hacker was also able to gain access to Twitter's domain registrar and the associated Gmail account. It would have been an easy step to alter the DNS servers and plunge the Twitterverse into chaos.
Clearly, people really need to start paying attention to things like this MIT report and the advice of their security-savvy friends.
Get a WordPress.com Blog
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
Rocky said 1:19PM on 7-15-2009
I kind of wish they had taken that easy step and altered the DNS servers. Then again, I'm fully biased and hate Twitter with a passion.
Reply