Hackers have been able to access Twitter's data that was located on Google's cloud computing platform. Some of this data has been published by TechCrunch.
It's any corporation's nightmare. Strategy, personnel records, financial data and meeting notes have all been exposed. Twitter and their users seem to be a big target for hackers and malware if you read the sidebar on the SC Magazine site.
How did this happen? Apparently an employee used the password "password" for their account. That is about as dumb as you can get in security. But this is about more than requiring upper and lower case, numbers, and squirrel noise symbols in passwords that only Stephen Hawking can remember. Passwords are simply not adequate for authentication.
There are myriad ways hackers can compromise a database, and cloud computing (keeping the data on the Internet) may be more secure than leaving it on a corporate server that is equally accessible.
If Google and Twitter had their wits about them they would have a better authentication mechanism for access. The simplest and most secure way to start this is to employ DNSSEC. Anyone reading this blog knows the benefits of DNSSEC, but perhaps hearing it from an expert like Dan Kaminsky will illustrate how this can unlock an entire world of new applications and ways of doing things that can get our economy going again. So I urge you to take a moment and read this recent interview with Dan by Michael Mimoso in Search Security.
As an update, Dan mentions that getting the root signed is the biggest challenge and this will happen within 2009. Also, the cost and complexity of implementation have been largely addressed and are significantly lower and easier than they have been in the past.
I hope Google and Twitter are listening.