The recent bout of fake Twitter updates is interesting from at least two points of view: the potential security flaws of start-ups and the unquestioning nature of many people with regard to the sources of news stories (this will be part deux).
It was reported that 33 high-profile people’s accounts were hacked, with Biz Stone disclosing to Wired.com that a dictionary attack had been used to break a support team employee’s password, and that was how the fake tweets were posted.
Having a password that occurs in the dictionary is fine and doesn’t offer up a particularly serious security issue, but it does highlight another issue more fundamental to the creation of social networks and other places where people openly share personal information: they are frequently built and maintained by a very small group of people. Most start-ups these days are literally a couple of people with a great idea and some venture capital. Sure, most of them are pretty smart, but this is necessarily David and Goliath.
Twitter is a good example of a company moving from nothing to exploding across the globe in a matter of months. They initially had issues with the scalability of the site; however, as the site now settles, it is still a system built and tested by a very small group of people. This could be the reason why they were able to be exploited when their systems didn’t limit the number of login attempts, allowing someone to run a script and likely crack a password.
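The missing control described above, a cap on failed login attempts, can be sketched as follows. This is an added example, not code from Twitter or from the original post; the class and function names, the thresholds (5 failures in 15 minutes, 15 minute lockout) and the "support" account are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limit on failed logins, keyed per account (hypothetical)."""
    def __init__(self, max_failures=5, window=900, lockout=900):
        self.max_failures = max_failures  # failures tolerated inside the window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds an account stays locked
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def allowed(self, account, now):
        return now >= self._locked_until.get(account, 0)

    def record_failure(self, account, now):
        recent = self._failures[account]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()              # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()

    def record_success(self, account):
        self._failures.pop(account, None)


def attempt_login(throttle, stored_hash, account, password, now):
    """Return 'locked', 'denied' or 'ok'; the limit is checked before the password."""
    if not throttle.allowed(account, now):
        return "locked"
    # Unsalted SHA-256 keeps the sketch short; a real store uses a slow, salted KDF.
    digest = hashlib.sha256(password.encode()).hexdigest()
    if hmac.compare_digest(digest, stored_hash):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"


def guesses_evaluated(wordlist, real_password, seconds_between=1):
    """Replay a constructed wordlist; count the guesses that reach the password check."""
    throttle = LoginThrottle()
    stored = hashlib.sha256(real_password.encode()).hexdigest()
    results = [attempt_login(throttle, stored, "support", guess, i * seconds_between)
               for i, guess in enumerate(wordlist)]
    return sum(r != "locked" for r in results), "ok" in results
```

Keying the limit on the account alone means a stream of bad guesses also locks out the real owner, so production systems usually pair it with per-source limits and alerting on lockouts.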
A primary defence is to run your social network closed source; however, this is what creates the problem, as there is not a significant enough amount of user testing. That said, the famous DNS security flaw from last year was found in software which had been used since the 1980s and was thought to be thoroughly tried and tested.
Compared to other social networks, Facebook presents very strong security. Bar information on a sample of your friends and network, there is little coming out of your profile; however, even Facebook, which crossed 150 million registered users, has had breaches. There was the Canadian hacker who discovered you could view other people’s pictures, the homepage code getting leaked, and also a small number of users who could access others’ inboxes and details, and this is from one of the largest and most thoroughly developed social networks.
This shows just how weak a lot of the newer social networks really could be, and when people will quite willingly sign up to a number of services before settling on one, they could easily leave details on a less secure, less funded network. Additionally, with the growth and integration of mobile platforms, the amount of sensitive information increases as transfer methods weaken.
With this in mind, I think it is worth considering what information you release onto the Internet and to what location. In honesty, with Facebook and other giants there is little significant risk; however, the thing to consider is that you are ‘releasing’ information and you will likely never be able to collect it up again. It is fun to share information online; however, there can be a few more safety issues than you might initially consider, and they aren’t being looked at in the detail you might want them to be.
In terms of digital marketing and companies over individuals, it is a balance between sharing your information and making it safe. For companies, it is about remembering that just because it is not your personal information, and instead a company credit card or internal information, it can still be exposed by not considering exactly what you are doing.
In the second part of this post I’ll cover phishing emails and how fake news stories can often be taken a little too far.