twitter security

Busy fall for Apple, Xbox, and Amazon

CNET Update is out of breath:

Apple fans will have to wait until the fall for new "amazing" products, or so promises CEO Tim Cook.

Samsung fans will also be doing some waiting. The Galaxy S4 was said to hit stores this weekend, but the smartphone is facing supply issues -- and that's causing T-Mobile and Sprint to push back launch dates and only sell online. But you may be able to find one on Saturday in stores at AT&T, and on Tuesday at U.S. Cellular. [Read CNET's review here.]

For shoppers that …

Bin Laden's death and the Web response (roundup)

News that U.S. special forces had killed al-Qaeda leader Osama bin Laden traveled fast via Twitter and other Web outlets.

How bin Laden evaded the NSA: Sneakernet

Reports offer details about trove of digital data found in his Pakistan hideout, like that it included a stash of "electronically recorded video" porn. (Posted in Privacy Inc. by Declan McCullagh) May 13, 2011 1:42 PM PDT

Visualizing how Twitter spread news of bin Laden's death

A detailed visual look at how a single Tweet spread like a virus across Twitter within minutes--and scooped the president. (Posted in …

Who dropped F-bomb on Chrysler's Twitter feed?

I don't know about you, but my first thought is that it must have been Eminem.

He appeared in a highly visible (and, to some, risible) Super Bowl ad for Chrysler. He swears a lot. Perhaps they didn't pay him on time. Perhaps he's just in a bad mood.

In any case, some wise soul, employee or associate of Chrysler (or not), managed to tweet the following on Chrysler's official Twitter feed: "I find it ironic that Detroit is known as the #motorcity and yet no one here knows how to f***ing drive."…

Twitter confirms awkward 'auto-follow' bug

It's been a Monday of social-media security embarrassments: Twitter has confirmed the existence of a bug that can force one user to follow another.

The bug appears to have originally been noticed by a Turkish blog, followed by the blog Webrazzi, which successfully tested it out and forced the Twitter accounts of industry luminaries like Facebook founder Mark Zuckerberg and Twitter CEO Evan Williams to follow a dummy profile. The flaw allowed members to add followers to their own accounts, basically, by tweeting "accept" followed by "@" and any given Twitter user name.

Twitter spokesman Sean …

Using Facebook and Twitter safely

You and just about everyone else, it seems, are spending more and more time on Facebook and Twitter, updating statuses and checking friends' tweets. That's all well and good, of course, but the amount of personal information that all of you share in real time, and the level of trust implicit with the social networking sites, do pose particular security and privacy problems.

A recent study from Sophos found that Facebook users reveal a lot of personal information to new friends, including ones they really don't even know or have never met. Using fake profiles, Sophos sent out …

So, is it safe to tweet now?

Twitter stumbled again overnight on Thursday. But this time, it wasn't the work of the "fail whale," the cuddly cartoon personification of the site's excessive technical baggage. Rather, the site was replaced with a foreboding message from "Iranian Cyber Army" before crashing entirely, indicating that it had been the victim of a malicious attack that targeted its internal servers.

Co-founder Biz Stone posted a brief clarification on the issue late on Thursday night. "Twitter's DNS records were temporarily compromised tonight but have now been fixed," he explained. "As some noticed, …

Security firms discover botnet on Twitter

A Twitter account can be used as the command center for harnessing a "botnet" of virus-infected computers, security firms Arbor Networks and Symantec reported. In a blog post Friday, Symantec analyst Peter Coogan wrote that researchers found an account, @upd4t3, which was tweeting out links to download a piece of malware called Downloader.Sninfs. The account has since been suspended by Twitter.

Downloader.Sninfs, also known as Infostealer.Bancos, is a Trojan that uses the guise of a Brazilian banking site to collect passwords and related personal information from infected computers.

Security on Twitter is front and center right …

Another attack hits Twitter

Twitter's servers were on the fritz again on Tuesday, with members receiving server timeouts and third-party applications unable to access the microblogging service. This appears to have begun around 11:45 a.m. PDT.

Twitter posted an update to its status blog when the servers had been in flux for about 10 minutes: "Responding to site downtime. We're working to recover from a site outage and will update as we learn more."

The service was back up about a half hour later. At 12:17 p.m. PT, Twitter confirmed that it was an attack. "…

CNET News Daily Podcast: The significance of Twitter's security breach

Webware editor Josh Lowensohn joins the podcast to talk about the hack of Twitter internal documents that came to light Wednesday, and what the larger implications are for companies' security protocols now that many are storing their data in the cloud.

Plus, in another excerpt from his interview with CNET News, Microsoft Chairman Bill Gates shares his thoughts on how the company is doing now that he's not there full time.

Listen now: Download today's podcast

Today's stories:

Mozilla gives add-on developers a tip jar

Dell poised to benefit most from PC market recovery

Wal-Mart to label products with eco ratings

Lessons from Twitter's security breach

Twitter's latest security hole has less to do with its users than it does with its staff, but lessons can be learned on both sides.

In the case of Jason Goldman, who is currently Twitter's director of product management, the simplicity of Yahoo's password recovery system was enough to let a hacker get in and gain information from a number of other sites, including access to other Twitter staff's personal accounts.

The aftermath of the hack, which took place in May, is just now coming to fruition. Documents that a hacker by the alias of Hacker Croll recovered from Goldman's account and others (including Twitter co-founder Evan Williams) could be a treasure trove of inside information about the company and its plans.

While Croll was planning to release the entire batch publicly (and at once), tech blog TechCrunch posted news late Tuesday that it had received them and was considering posting the details of at least some of them.

Although it seems that Twitter has been thrust into this situation a bit unfairly, a hack along these lines could have happened to the executives of more Web companies than anybody would like to admit. What it really highlights is the extreme interconnectedness of the social Web: with the likes of e-mail contact importing and data-portability services like Facebook Connect now commonplace, a savvy hacker can have access to multiple accounts simply by accessing one.

A post Wednesday on Twitter's official blog highlights just how far-reaching this can be.

"About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked," the post from co-founder Biz Stone read. "From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account which contained Docs, Calendars, and other Google Apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company."

Following that attack, Twitter conducted a security audit, and Stone's post says that there was not a security vulnerability in Google Apps and that Twitter continues to use the suite internally. A separate hack targeted the account of CEO Evan Williams' wife, and from that some of Williams' personal accounts were accessed as well, Stone explained.

But Twitter is front and center in the news these days, and is now talked about as a communications protocol as much as a Web start-up. Not only does that make it a particularly appealing target, but also…