Last week TechCrunch received a large number of potentially embarrassing confidential Twitter, Inc internal documents. When readers said they didn't think the documents should be published, TechCrunch blamed Google for faulty security.
"It’s not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question. It’s not our fault that Twitter stored all of these documents and sensitive information in the cloud and had easy-to-guess passwords and recovery questions."Twitter sees it differently. Twitter co-founder Biz Stone blogged that the attack was simply something that happens when you're a large enough target for hackers. Apparently an employee used the same password for multiple Internet services, a very common vulnerability.
Is it a problem that Google Apps lets you access documents, email, calendar entries, and chat sessions from the same account and password? You can do the same thing from corporations that use a Microsoft Exchange server and SharePoint.
The bigger problem seems to be that there are too many services on the Internet that require password authentication, and as human beings we're too good at forgetting all those passwords. Password retrieval systems and easy to remember, reused passwords are common exploits we need to avoid.
Update: TechCrunch explains how the Twitter attack happened.
Comments
No comments yet. Leave a Comment