Mashable - The Social Media Guide - Latest Comments in Twitter’s Security Meltdown

Re: Twitter’s Security Meltdown

Attie — Mon, 10 Aug 2009 19:31:29 -0000

Very nice "clarification" at the very end. I know some are starting to doubt cloud computing because of Twitter's security breaches, but I'm glad you touched on the more obvious human errors that caused Twitter's meltdown.

Re: Twitter’s Security Meltdown

Attie — Mon, 10 Aug 2009 19:29:37 -0000

Re: Twitter’s Security Meltdown

PeopleSearch — Tue, 21 Jul 2009 22:13:25 -0000

I think that they were just so wrapped up in their sites success that they totally ignored making sure that all of the security and loopholes were properly taken care of. Google People Search

Re: Twitter’s Security Meltdown

PeopleSearch — Tue, 21 Jul 2009 22:12:29 -0000

I think that they were just so wrapped up in their sites success that they totally ignored making sure that all of the security and loopholes were properly taken care of. Google People Search

Re: Twitter’s Security Meltdown

jsinkeywest — Fri, 17 Jul 2009 05:05:34 -0000

I know YOU :)
but do people realize just how cool your site is ?
http://searchles.com :)
I talked with you along time ago can called to ask about DO FOLLOW on your site :)

Re: Twitter’s Security Meltdown

Tim Acheson — Thu, 16 Jul 2009 10:52:01 -0000

This week Twitter’s own internal systems were hacked, along with the accounts of Twitter users including celebrities:

http://www.timacheson.com/B...

The point of entry wasn’t a gap in Twitter’s security. The hacker(s) gained access through a Google Apps account. The worry with a Google account is, it’s web-based and therefore only as secure as the rest of the Internet. If yuor Google account is compromised and you use Google Docs in a serious commercial setting, your Twitter account will be the least of your worries.

Re: Twitter’s Security Meltdown

genieyclo — Thu, 16 Jul 2009 08:31:46 -0000

BS.

Re: Twitter’s Security Meltdown

Bob — Thu, 16 Jul 2009 02:21:30 -0000

Sheesh, inflammatory language much? "Burn everything security-related down to the ground"? "Twitter needs to seriously rethink its attitude towards security"? You sound like a patronizing school principal.

Re: Twitter’s Security Meltdown

MykalBoss — Wed, 15 Jul 2009 22:51:39 -0000

I don't see how anyone can say this post discussing actual events, related to Twitter and some of its now multiple and very public security breaches, infers anything about the safety of Twitter user info. The inferences whether warranted or not, come from the actuality of these very public security breaches. That is not to say that because a Twitter server's password was "password" or that a breach or so described as a "hack" turned out to be social engineering, means Twitter user data is somehow unsafe. Is it possible that somehow the good people at Twitter could demonstrate lax regard for their own data and yet utter concern for user data? Entirely! Still if you use Twitter, a little extra caution should be exercised at the very least.

Re: Twitter’s Security Meltdown

jarrod — Wed, 15 Jul 2009 22:40:16 -0000

That right there is some amazing insight. Please sign me up for your newsletter.

Re: Twitter’s Security Meltdown

@gwoodard — Wed, 15 Jul 2009 21:03:57 -0000

This is no surprise. My specialty is outside what you call "Social Media", and I can tell you that compared to other computing this whole genre has a downright reckless attitude toward privacy and security. It is stunning actually. When business plans actually set out to acquire and leverage private user data, stories like this are predictable.

Re: Twitter’s Security Meltdown

Jim C. — Wed, 15 Jul 2009 19:12:41 -0000

Yes, they need to make it as secure as possible. Non spam? GOOD LUCK. Not gonna happen.

Re: Twitter’s Security Meltdown

the King — Wed, 15 Jul 2009 18:29:29 -0000

I think this line is where people get the wrong impression

"This same site (link omitted on purpose) now holds images from various personal accounts of Twitter co-founder Evan Williams, including PayPal, Amazon, Gmail (Gmail) and MobileMe (MobileMe). "

What is being implied in the article is ambiguous at best and sensationalist at worst.

What you should say is that "user inputted data in the Twitter administration area is subject to compromise", if that uis what you actually mean.

Re: Twitter’s Security Meltdown

Kringle, A Corporation Sole — Wed, 15 Jul 2009 17:27:56 -0000

Does this even broach the topic of performance issues that severely hinder the site's usage?

Often, there is such a delay between what I type and its display on the screen that I rather choose to discontinue my efforts to "tweet".

If there is some sort of cyber-warfare going on, then isn't it time we push back?

Re: Twitter’s Security Meltdown

Chris — Wed, 15 Jul 2009 16:47:38 -0000

Evan is the CEO of Twitter.

Re: Twitter’s Security Meltdown

MC Cendana — Wed, 15 Jul 2009 16:41:10 -0000

Oh darn! That's what I do too. Gonna change the one at Twitter NOW.

Re: Twitter’s Security Meltdown

Larry — Wed, 15 Jul 2009 16:01:23 -0000

Agree with the footnote that no one should be concerned about their similar (paypal, gmail, amazon) accounts being compromised by this problem... but it does bring up the larger issue about the lack of security on SN sites in general and twitter in particular. I don't feel any of what's known here will result in any exploits exposing info deeper than what's ON Twitter, but it should be apparent that what IS there is wide open. Caveat Emptor... however we're not really 'buyers' cuz the service is free, and there may be a good reason for that and also why it's not looking so great for them to go commercial

Re: Twitter’s Security Meltdown

Larry — Wed, 15 Jul 2009 15:59:16 -0000

Re: Twitter’s Security Meltdown

dumbfounder — Wed, 15 Jul 2009 15:52:45 -0000

It's a lot better than letting your username/password out, and it also requires two separate hacks if you have Oauth: they need your secret key and pass key for the web app, and then the individual's user specific secret key and pass key (or whatever the terminology is, I forget). If you store those things in two different places it makes it much harder for the hacker to get actionable data. (yes, Twicsy uses Oauth, and yes we store the keys in different places)

Re: Twitter’s Security Meltdown

Stan_Schroeder — Wed, 15 Jul 2009 14:55:10 -0000

@Alex: I understand your point of view. However, it's sometimes hard to please everyone. Even casual Mashable readers, or people who follow what's happening in or around Twitter casually are aware that certain celebrity Twitter accounts got hacked or compromised on several occasions. We've also posted about the Twitter admin panel images back in April, which were a good - if not certain - indication that one of Twitter's admin accounts have been compromised. And now the same hacker and the same French blogs that posted those images in April posted many more documents, which are supposedly (but then again, not certainly) coming from Evan Williams' (Twitter co-founder, added clarification in the text) various personal accounts, but have a lot to do with Twitter; in short, they're confidential company documents, some of which potentially very harmful.

So, this article takes this latest security issue, and ties it into the obvious pattern of security problems that have been pestering Twitter in the past couple of months. You and Dan are acting as if this is the only security-related incident that happened to Twitter. It is not.

Re: Twitter’s Security Meltdown

Thomas — Wed, 15 Jul 2009 14:23:03 -0000

So you claim that Twitter is having a "security meltdown" and your only proof is some idiot celebrities who used easy to guess passwords? Stupid people will always pose a security threat to themselves. That has nothing to do with the security of the service.

Re: Twitter’s Security Meltdown

Robert Burke — Wed, 15 Jul 2009 13:39:54 -0000

You are talking about Twitter security flaws yet you are stating that "such-and-such" a site has shown images of Evan Williams' PayPal, Amazon, Gmail and MobileMe. By saying it in such a manner, it makes it sound like they got this information through Twitter. YOu never made it clear that they might have gotten these through some other manner. I, at first, thought the same thing.

It's all in the grammar.

Re: Twitter’s Security Meltdown

Evelyn McCormack — Wed, 15 Jul 2009 13:34:14 -0000

Not good news for Twitter users...

Re: Twitter’s Security Meltdown

Your Name* — Wed, 15 Jul 2009 13:17:15 -0000

YO THIS IS A POOR STATMENT, "there’s absolutely no reason to believe that being a Twitter user implies a security risk to your other accounts. " HAVING ANY SECURITY ISSUES WITH ONE ACCOUNT CAN LEAD TO THE TAKE OVER OF ALL ACCOUNTS, TOO MANY PEOPLE USE THE SAME PASSWORD FOR EVERYTHING. If someone's email password is the same as their twitter password, forgettaboutit!

Re: Twitter’s Security Meltdown

John — Wed, 15 Jul 2009 13:07:50 -0000

These have nothing at all to do with Firefox.