homepage Welcome to WebmasterWorld Guest from 54.226.191.80
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Twitter Hacker Exposes Company Documents
engine




msg:3953198
 7:20 pm on Jul 15, 2009 (gmt 0)

Twitter Hacker Exposes Company Documents [bits.blogs.nytimes.com]
The hacker claims to have private documents including confidential contracts with Nokia, Samsung, Dell, AOL, Microsoft; the resumes of people who have applied to work at Twitter; personal information about Twitter employees including credit card numbers; future business plans and floor plans and security codes for Twitter’s offices.
The hacker apparently broke into the Internet accounts of various Twitter employees, including Evan Williams, Twitter’s chief executive, as well as Mr. Williams’ wife, who does not work for Twitter, and two Twitter employees. He claims to have accessed Google Apps, Gmail, PayPal, Amazon, Apple, AT&T and MobileMe accounts.

Biz Stone wrote on the Twiter company blog [blog.twitter.com]

We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents.

...as they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns.


 

httpwebwitch




msg:3953202
 7:32 pm on Jul 15, 2009 (gmt 0)

Instead of circumventing any actual security measures, the hacker managed to correctly answer the personal questions that some Internet sites ask when users need to reset their passwords.

Illustrating that the weakest link in online security can be the user's lack of diligence and unpredictability.

pageoneresults




msg:3953212
 7:39 pm on Jul 15, 2009 (gmt 0)

As they were never meant for public communication, publishing these documents publicly could jeopardize relationships with Twitter's ongoing and potential partners. We're doing our best to reach out to these folks and talk over any questions and concerns.

That's a pretty strong message right there. I saw the original Admin Docs posted back in 2009 April. They are still available. If that person were smart, they'd probably make them unavailable after the above statement.

What a bummer. Any one of us is subject to this same issue. If someone wants to hack your arse bad enough, they'll do it. And, it will probably be someone that you cannot prosecute due to their locale.

Good luck in finding the source of that hack Twitter.

And TechCrunch, how much more negative press do you want from the community? This should do it for ya.

JS_Harris




msg:3953231
 7:54 pm on Jul 15, 2009 (gmt 0)

Twitter secrets, couldn't he have picked a more juicy target? Just kidding, I hope they catch the thief and send a strong message at his expense.

From experience, divorced people can pose an even bigger threat. A diseased mind easily believes they still have a right to access the ex's life and they know the birth dates and social security numbers needed to bypass most any security measures.

Instead of blocking someone like that it's often best to simply let them in and have measures in place beyond what they expect to track their activities... then when the kids involved are grown up let the ex taste the effects of the law.

LeoXIV




msg:3953281
 9:37 pm on Jul 15, 2009 (gmt 0)

Twitter has contracts with Nokia!?

Nokia Siemens Network has confirmed it supplied Iran with the technology needed to monitor, control, and read local telephone calls.

[news.bbc.co.uk...]

J_RaD




msg:3953484
 3:39 am on Jul 16, 2009 (gmt 0)

just reminds me why i don't use any social networking sites.

yaix2




msg:3953501
 4:45 am on Jul 16, 2009 (gmt 0)

Security questions don't serve any purpose other than making it easier for intruders. If a user lost the account password, just send it to the given email address.

MichaelBluejay




msg:3953505
 4:53 am on Jul 16, 2009 (gmt 0)

Security questions don't serve any purpose other than making it easier for intruders. If a user lost the account password, just send it to the given email address.

Yes yes yes! I hate that my banks now *force* me to use this "security" feature which only increases vulnerability. In order to thwart that I have to make up answers to the security questions that aren't really true, and then painstakingly store them somewhere else, and then painstakingly look them up when I have to call my credit card company, for example.

Mother's maiden name, what a joke. Like I would give out the key to *all* my accounts everywhere, every time I talk to just *one* provider.

carguy84




msg:3953571
 7:46 am on Jul 16, 2009 (gmt 0)

And TechCrunch, how much more negative press do you want from the community? This should do it for ya.

*thumbs up*

maximillianos




msg:3953723
 2:50 pm on Jul 16, 2009 (gmt 0)

I think this was a publicity stunt between TC and Twitter. Any reasonable person would not be publishing stolen documents and advertising it like a novel they are releasing in chapters.

It is all a big PR stunt by Twitter.

carguy84




msg:3953747
 3:41 pm on Jul 16, 2009 (gmt 0)

Hadn't thought of that, but it's an interesting angle, and one where I would not be surprised if it's true.

engine




msg:3953819
 5:41 pm on Jul 16, 2009 (gmt 0)

>It is all a big PR stunt by Twitter.

If it were, and found to be proven so, it would trash both parties credibility, entirely.

In addition, why would twitter need to do that? Their growth it still going up rapidly.

Methinks anti-cynical meds required. ;)

httpwebwitch




msg:3953842
 6:15 pm on Jul 16, 2009 (gmt 0)

I don't think Twitter is looking for media coverage. But you know TechCrunch is, always.

It's shameful the way TechCrunch has handled this. They have shown poor judgement in the past and this is right in character. they're like the TMZ of Silicon Valley.

Mike_Feury




msg:3953861
 7:04 pm on Jul 16, 2009 (gmt 0)

I know any publicity is supposed to be good publicity, but security breaches? I don't think so.

This hurts both Twitter and TechCrunch, and at least Twitter doesn't need publicity stunts at the moment, as engine said.

maximillianos




msg:3953865
 7:12 pm on Jul 16, 2009 (gmt 0)

Maybe you are right. Off to take my anti-cynic meds...

But remember you heard it here first! ;-)

GaryK




msg:3953929
 8:51 pm on Jul 16, 2009 (gmt 0)

I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

It's important to note that we have been given the green light by Twitter to post this information - They aren't happy about it, but they are able to live with it, they say (more on why they did that in our later post).

I'd provide a link to the article, but we're not generally permitted to post links to blogs here--for good reasons.

maximillianos




msg:3953934
 8:56 pm on Jul 16, 2009 (gmt 0)

I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

Ha! I'm right! ;-)

carguy84




msg:3954826
 6:12 am on Jul 18, 2009 (gmt 0)

quick, spit out the pills!

phranque




msg:3954869
 10:07 am on Jul 18, 2009 (gmt 0)

I'm not a huge fan of TC, but in all fairness to them, their most recent post suggests they did have Twitter's permission to share the documents.

not according to this tweet by Evan Williams [twitter.com]!

GaryK




msg:3954992
 5:38 pm on Jul 18, 2009 (gmt 0)

I wish I could say that surprises me!

On the other hand, it also suggests plausible deniability. Arrington may have gotten his alleged permission from someone else so that Ev could deny knowing anything about it while still tacitly approving it.

wyweb




msg:3955051
 7:45 pm on Jul 18, 2009 (gmt 0)

I knew there was a reason I didn't like Twitter....

It's frivilous anyway. The entire concept of Twitter is immature. What did someone have for breakfast this morning? Who's kid got his braces off? Who lost their job and who got one?

I frankly don't care. I get enough of that crap in my own life and I certainly don't wanna read about someone elses BS.

I'm glad they got hacked and I hope they get hacked again.

I also wish I'd have thought of it.... Twitter, I mean...

JS_Harris




msg:3955606
 8:13 am on Jul 20, 2009 (gmt 0)

In some cases I think the use of monitoring technology is brilliant.

examples:

#1 - 6 murders in a 6 month timespan go unresolved. Internet logs show that someone looked up all 6 victims online from the same residence just prior to each murder occurring. A murderer is put behind bars thanks to his internet activity that would otherwise have gotten away.

#2 - A fire rages out of control destroying 100 acres, 20 homes and claims 3 victims. Recorded satellite imaging can be used to "rewind" footage of the fire to find it's origin. When the fires starting point is found a vehicle was present, rewind the video further to see that it passed a major traffic intersection. Access the camera at the intersection to gain a license plate number and find the persons residence.

I could go on but you get the idea.

Now, in the examples nobody was being tracked, technology was used to find the bad guy. Recording phone conversation and watching people in their own homes is not the same because privacy is violated and the victim is known in advance.

I hope ALL companies/governments do their best to maintain that distinction (which it appears they have no interest in doing) because you CAN watch without intruding on privacy.

Cameras taking pictures of everyone at a baseball game is fine. Cameras tracking individuals and storing the images in the victims personal file is not fine, privacy was violated.

It's not an easy distinction to make.

2clean




msg:3955624
 9:39 am on Jul 20, 2009 (gmt 0)

I'd be very wary about installing 3rd party tools on a Twitter account, as it seems, through my reading of some security blogs, that there is a lot of information that hacker can get to.

It would appear that there needs to be a stronger control of plugins for these SM apps, not just opening up the doors to anyone that know how to program. I know it's a bit off topic, but I thought I would mention it.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved