Twitter hack is an eye-opener for personal online security
One immediate lesson from the leaked Twitter documents for journalists and bloggers, which we wrote about yesterday, is the ethical question of publishing stolen company files.
Further ethical issues came into question in a follow-up post today on TechCrunch in which the blogger claimed that Twitter gave them "the green light" to post the information.
Inside the eye of the ethical hurricane is something everyone can take away from this (or at least those who use computers with any regularity) -- cyber-security is important.
Whether or not you argue that cloud computing, via Google Apps or one of the company's many consumer software products, is dangerous, having passwords is inevitable in order to use the Internet. If you use e-mail, log on to Wi-Fi or buy things online, you're going to need passwords. And your account is only as secure as your password.
"Biz Stone said it best in his blog" when he stressed the importance of strong passwords, wrote Google Spokesman Andrew Kovacs in an e-mail, defending cloud computing (what a shocker).
Another Google spokesman adds, "Among the many solutions we offer are tools for consumers that help rate password strength and tips for creating stronger passwords during the sign-up process."
Security experts jumped at the opportunity to stress the importance of smart, safe computing, saying users should never use words you can find in the dictionary as passwords. Users should also vary capitalization, use numbers and include those wonderful little symbols above the numbers on the keyboard.
Despite TechCrunch pointing the finger at Twitter for having a weak password (saying it used the easily guessable word "password" as its password), Williams implied that that wasn't the case.
"Relieved to learn hack wasn't due to blatantly dumb moves (e.g., weak passwords)," wrote Williams in a tweet. Soon after, he wrote a tweet, saying, "Don't use the same pw or pattern anywhere."
That, according to Stone's blog post, was the ultimate vulnerability that helped the hacker gain access. The administrator whose account information was compromised used the same log-in details on numerous websites. The hacker used a password recovery vulnerability in a service outside of Twitter and Google to acquire the account info, Stone wrote.
And while having strong passwords that differ on every site is the ideal way to avoid these headaches (outside of becoming a digital hermit), Twitter may not be left in the dust if this goes to court.
"If you know that I hide my spare key under my front mat, is it therefore OK to come in my house and steal my things?" said Jonathan Pink, a counsel for the Bryan Cave law firm. "I think it's still an act that most courts would not condone."
-- Mark Milian