  1. #1
    smoseley (WDF Staff) | Join Date: Mar 2003 | Location: Boston, MA | Posts: 9,729 | Member #: 819 | Liked: 205 times

    A little blog I wrote today, out of frustration:

    http://www.stevenmoseley.com/cnn-art...-intelligence/

    Read and enjoy.

  3. #2
    Wired (WDF Staff) | Join Date: Apr 2003 | Posts: 7,657 | Member #: 1234 | Liked: 138 times

    There's nothing wrong with the CNN article. They didn't place blame and even went so far as to get a quick quote from a security expert:

    http://www.cnn.com/2009/TECH/07/16/t...ack/index.html
    Quote, originally posted by CNN:
    Ken Colburn, a computer security expert, recently told CNN.com/Live that Google Docs are "as secure as anything you're going to do on the Internet. It's not any more or less secure than Microsoft Office."

    Here's how the Twitter theft went down:

    http://blog.twitter.com/2009/07/some...-security.html
    First, it's important to note how these documents were stolen. In this case, a Twitter employee used the same non-unique password on multiple services. A hacker gained access to our business documents because this common password was retrievable on an unrelated system.
    http://blog.twitter.com/2009/07/twit...we-wanted.html
    About a month ago, an administrative employee here at Twitter was targeted and her personal email account was hacked. From the personal account, we believe the hacker was able to gain information which allowed access to this employee's Google Apps account
    http://www.nytimes.com/2009/07/16/te...16twitter.html
    Instead of circumventing security measures, it appears that the Twitter hacker managed to correctly answer the personal questions that Gmail asks of users to reset the password.

    The usual weak link was the culprit: USER STUPIDITY

    This is why ANY IT guy (like myself) who's worth a damn never writes down passwords (or, if they do, uses a highly encrypted password system), and doesn't use the default admin accounts (and disables them). Every password should use at least 3 out of the 4 possible character types (a-z, A-Z, numbers, special characters), be long, and be changed often.

    Don't forget having the same password for multiple systems is a big no-no as the hacked employee found out. Looks like at least 40% of people do this though:
    http://www.nytimes.com/2009/07/16/te...16twitter.html
    In a study last year, Sophos, a security firm, found that 40 percent of Internet users use the same password for every Web site they access.
    ...
    “A lot of the Twitter users are pretty much living their lives in public,” said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. “If you broadcast all your details about what your dog’s name is and what your hometown is, it’s not that hard to figure out a password.”
    In other words, stop posting crap about your pets. No one cares about your dog's Bark-Mitzvah anyway.


    Apparently this wasn't the first security goof by someone at Twitter:
    http://www.techcrunch.com/2009/07/15...your-password/
    ... a new security issue has popped up that makes it trivially easy for anyone to access the Twitter servers directly. The problem? The password to the servers was, literally, “password.”
    PEBKAC at its finest...

    Someone obviously didn't see Hackers. Here's how the discussion probably went down after the fact at Twitter (yes, this is a modified quote from the same movie):

    BoFH (aka the IT guy): Our recent unknown intruder penetrated using the superuser account, giving him access to our whole system.
    Employee: Precisely what you're paid to prevent.
    BoFH: Someone didn't bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and...
    Employee: [glares at the BoFH]
    BoFH: god. So, would your holiness care to change their password?
    Ok, so they didn't cover a common password being PASSWORD, but COME ON.


    Now for the good news:
    Random password generators as well as two-factor authentication for more sensitive systems are now mandatory at Twitter, Inc.
    Hey, if it's good enough for World of Warcraft, it's good enough for Twitter. Yes, guild banks are just as important as real banks. Too bad the FDIC doesn't cover guild bank ninjas...

    ==================

    So in other words, the employee used the same password on both their personal and private email accounts and had enough public information about themselves on the internet to enable someone to figure out their security questions. Bob's your uncle, instant access to internal docs.


    Steve, tell them any system is only as secure as the people using it. This is why social engineering (e.g. phishing) is the most common tool used to get into a system. What's easier: cracking a password or simply asking for it?

    ... damn I need to start blogging or something
    The Rules
    Was another WDF member's post helpful? Click the like button below the post.

    Admin at houseofhelp.com
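
The rules listed in post #2 (3 of 4 character types, long, not a commonly used password, not shared between systems) written as a small checker. This is an added example, not code from the thread; the 12-character minimum, the function names, the HMAC key and the sample credentials are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Common passwords named in the thread (the quoted memo plus the server password).
COMMON = {"love", "sex", "secret", "god", "password"}
MIN_LENGTH = 12  # assumption: the post says "long" without giving a number

CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^a-zA-Z0-9]"),
}


def check_password(candidate):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    used = [name for name, rx in CLASSES.items() if rx.search(candidate)]
    if len(used) < 3:
        problems.append("fewer than 3 of 4 character types")
    # Strip digits/symbols from both ends so "Password1!" still matches "password".
    core = re.sub(r"^[^a-zA-Z]+|[^a-zA-Z]+$", "", candidate).lower()
    if core in COMMON:
        problems.append("common password")
    return problems


def find_reuse(credentials, key):
    """Group systems that share a password, comparing keyed digests only."""
    groups = defaultdict(list)
    for system, password in credentials.items():
        tag = hmac.new(key, password.encode(), hashlib.sha256).hexdigest()
        groups[tag].append(system)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample data, not taken from the incident.
SAMPLE = {
    "personal-email": "Rex2009",
    "work-apps": "Rex2009",
    "server-admin": "password",
    "vault": "t7#Lq9!vWz2@mK",
}
```

`check_password("Password2009!!")` satisfies the length and character-type rules and is rejected only by the common-password check, which is why that check is kept alongside the composition rule.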

  4. #3
    immediate (Junior Member) | Join Date: Nov 2009 | Location: kavoir.com | Posts: 20 | Member #: 20365

    How does this relate to cloud hosting at all?
    Super webmaster blog that blows you away!
    I build sites from these data lists.

  5. #4
    Wired (WDF Staff) | Join Date: Apr 2003 | Posts: 7,657 | Member #: 1234 | Liked: 138 times

    ??? No one brought up cloud hosting...

  6. #5
    smoseley (WDF Staff) | Join Date: Mar 2003 | Location: Boston, MA | Posts: 9,729 | Member #: 819 | Liked: 205 times

    The title is "Is Cloud Computing Unsafe?"

    Originally, I had linked to a blog post I made (I've since taken my blog down) that criticized an article which basically stated "Cloud computing is unsafe because a Twitter exec got his password phished."

  7. #6
    Banned | Join Date: May 2010 | Posts: 1 | Member #: 21927

    Hello friends,

    Yes dear, cloud computing is unsafe, but in rare cases. If you want a safe and secure Cloud Hosting managed company, visit: http://fail.com

