Lower costs and get to market quickly by ignoring security ;)
Recently Twitter was hacked. Twitter put the following up on their blog site.
The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can’t remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We’ll put them back only when they’re safe and secure.
The details are missing, but I wonder what type of access control they have for remote access. Does Twitter at least have two-factor authentication? If they don’t have a sophisticated system in place, how do they manage accounts? What is their patch policy, etc.? There are many things to do. Don’t forget your precious data is only as safe as your service provider, in this case Twitter. Just yesterday I was on Wells Fargo and I saw Vsafe; the bank is offering to protect my valuable data, files, pictures, movies, etc. The point is that data is only as secure as the security provider protecting it. Is Wells more trustworthy and security conscious than Twitter?
The more encompassing point I wanted to make was that start ups often take short cuts to get into production and save money and kind of give big companies with formal processes and fiduciary responsibilities a big grin. Many years later you end up with a company that has tremendous market share and very weak security policies. An excellent example of this is MSFT. They clearly have the buggiest, most unstable and insecure products of all the big computer companies IMO, and they inflict this cost on the world economy. So as Google, Twitter, Facebook and Myspace mature, I hope they revisit all the short cuts they may have taken before going into my pocket for more money to secure their potentially negligent security practices. When someone breaks into a “cloud property”, it will often be much worse than a hack of a single company web site, millions of accounts versus tens of thousands, so before you jump into the next latest cheapest offering, ask yourself how much time they have thought about protecting you from the hackers, in the negative sense.
Good thing a rational person doesn’t act on serious matters from Twitter without corroboration. It reminds me of the early days of the Internet, when there were questions about putting active devices on the Internet due to security issues. In a way, email and tweets are active messages, and if people respond to messages without thought we might want to consider signing and securing messages so that the identity of the sender is known; at least it makes it a little harder. No security solution is perfect. Quantum Computers and Homomorphic Computing may change that, but in the interim the goal is to just make it harder.