Saudi deputy FM meets Sudan's Sovereign Council chief in Port Sudan    Kuwait, India to elevate bilateral relations to strategic partnership Sheikh Mishal awards Mubarak Al-Kabir Medal to Modi    MoH to penalize 5 health practitioners for professional violations    Al-Samaani: Saudi Arabia to work soon on a comprehensive review of the legal system    Environment minister inaugurates Yanbu Grain Handling Terminal    Germany's attack suspect reportedly offered reward to target Saudi ambassador    U.S. Navy jet shot down in 'friendly fire' incident over Red Sea    Israeli strikes in Gaza kill at least 20 people, including five children    Trudeau's leadership under threat as NDP withdraws support, no-confidence vote looms    Arabian Gulf Cup begins with dramatic draws and a breathtaking ceremony in Kuwait    GACA report: 928 complaints filed by passengers against airlines in November    Riyadh Season 5 draws record number of over 12 million visitors    Fury vs. Usyk: Anticipation builds ahead of Riyadh's boxing showdown    Saudi Arabia to compete in 2025 and 2027 CONCACAF Gold Cup tournaments    Marianne Jean-Baptiste on Oscars buzz for playing 'difficult' woman    PDC collaboration with MEDLOG Saudi to introduce new cold storage facilities in King Abdullah Port Investment of SR300 million to enhance logistics capabilities in Saudi Arabia    Al Shabab announces departure of coach Vítor Pereira    My kids saw my pain on set, says Angelina Jolie    Legendary Indian tabla player Zakir Hussain dies at 73    Eminem sets Riyadh ablaze with unforgettable debut at MDLBEAST Soundstorm    Order vs. Morality: Lessons from New York's 1977 Blackout    India puts blockbuster Pakistani film on hold    The Vikings and the Islamic world    Filipino pilgrim's incredible evolution from an enemy of Islam to its staunch advocate    Exotic Taif Roses Simulation Performed at Taif Rose Festival    Asian shares mixed Tuesday    Weather Forecast for Tuesday    Saudi Tourism Authority Participates in Arabian Travel Market Exhibition in Dubai    Minister of Industry Announces 50 Investment Opportunities Worth over SAR 96 Billion in Machinery, Equipment Sector    HRH Crown Prince Offers Condolences to Crown Prince of Kuwait on Death of Sheikh Fawaz Salman Abdullah Al-Ali Al-Malek Al-Sabah    HRH Crown Prince Congratulates Santiago Peña on Winning Presidential Election in Paraguay    SDAIA Launches 1st Phase of 'Elevate Program' to Train 1,000 Women on Data, AI    41 Saudi Citizens and 171 Others from Brotherly and Friendly Countries Arrive in Saudi Arabia from Sudan    Saudi Arabia Hosts 1st Meeting of Arab Authorities Controlling Medicines    General Directorate of Narcotics Control Foils Attempt to Smuggle over 5 Million Amphetamine Pills    NAVI Javelins Crowned as Champions of Women's Counter-Strike: Global Offensive (CS:GO) Competitions    Saudi Karate Team Wins Four Medals in World Youth League Championship    Third Edition of FIFA Forward Program Kicks off in Riyadh    Evacuated from Sudan, 187 Nationals from Several Countries Arrive in Jeddah    SPA Documents Thajjud Prayer at Prophet's Mosque in Madinah    SFDA Recommends to Test Blood Sugar at Home Two or Three Hours after Meals    SFDA Offers Various Recommendations for Safe Food Frying    SFDA Provides Five Tips for Using Home Blood Pressure Monitor    SFDA: Instant Soup Contains Large Amounts of Salt    Mawani: New shipping service to connect Jubail Commercial Port to 11 global ports    Custodian of the Two Holy Mosques Delivers Speech to Pilgrims, Citizens, Residents and Muslims around the World    Sheikh Al-Issa in Arafah's Sermon: Allaah Blessed You by Making It Easy for You to Carry out This Obligation. Thus, Ensure Following the Guidance of Your Prophet    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Twitter's security breached again, raises questions on password security
By Jordan Robertson
Published in The Saudi Gazette on 17 - 07 - 2009

mail can be child's play for a determined hacker, as Twitter Inc. employees have learned the hard way - again.
For the third time this year, the San Francisco-based company was the victim of a security breach stemming from a simple end-run around its defenses. In the latest case, a hacker got the password for an employee's personal e-mail account - possibly by guessing, or by correctly answering a security question - and worked from there to steal confidential company documents.
The techniques used by the attackers highlight the dangers of a broader trend promoted by Google Inc. and others toward storing more data online, instead of on computers under your control.
Password-protected sites are growing more vulnerable because to keep up with the growing number of passwords, people use the same simple ones on numerous sites across the Web. In a study last year, Sophos, a security firm, found that 40 percent of Internet users use the same password for every Web site they access.
The shift toward doing more over the Web - a practice known as “cloud computing” - means that mistakes employees make in their private lives can do serious damage to their employers, because a single e-mail account can tie the two worlds together.
Stealing the password for someone's Gmail account, for example, not only gives the hacker access to that person's personal e-mail, but also to any other Google applications they might use for work, like those used to create spreadsheets or presentations.
That's apparently what happened to Twitter, which shares confidential data within the company through the Google Apps package that incorporates e-mail, word processing, spreadsheet, calendar and other Google services for $50 per user per year.
Co-founder Biz Stone wrote in a blog posting Wednesday that the personal e-mail of an unnamed Twitter administrative employee was hacked about a month ago, and through that the attacker got access to the employee's Google Apps account.
Separately, the wife of co-founder Evan Williams also had her personal e-mail hacked around the same time, Stone wrote. Through that, the attacker got access to Williams' personal Amazon and PayPal accounts.
Stone said the attacks are “about Twitter being in enough of a spotlight that folks who work here can become targets.” Some of the material the hacker posted online from the Google Apps documents was more embarrassing than damaging, like floor plans for new office space and a pitch for a TV show about the increasingly popular online messaging service.
The hacker claims to have employee salaries and credit card numbers, resumes from job applicants, internal meeting reports and growth projections.
TechCrunch, a widely read technology blog, says it was e-mailed the documents, and subsequently published some of them, including financial projections that Twitter drew up in February. The forecast envisioned Twitter generating its first revenue in the current quarter, with sales of about $400,000 and about 60 employees. By the end of next year, Twitter expected to employ about 345 people with annual revenue of about $140 million, according to the documents published by TechCrunch.
Stone said in an e-mail that most of the documents TechCrunch has access to are “speculative exercises.” In his blog post, Stone said the stolen documents “are not polished or ready for prime time and they're certainly not revealing some big, secret plan for taking over the world,” but said they are sensitive enough that their public release could jeopardize relationships with Twitter's partners.
Stone said the company is talking to lawyers about “what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents.” What the attacks on Twitter show is that Web sites don't need to get compromised in the traditional sense to put its users and employees at risk.
How hackers work
Hackers don't need to find a vulnerability in the site itself, or plant a virus on an employee's computer, to sneak inside.
All they need to find is an employee who uses weak passwords for his or her e-mail accounts, or has security questions that are easy to answer with a little information about the person.
It can be trivial to guess someone's passwords, as former vice presidential candidate Sarah Palin found out during the election, when her personal e-mail was hacked and screenshots were posted online. The attacker sneaked in by accurately guessing the answer's to Palin's security questions, based on information about her and her family that was already online.
Password-guessing programs are also a common hacking tool. An attacker runs the program against an account, and if it's allowed to try lots of times and the password isn't very complicated, the hacker's in. The attacks on Twitter serve as a reminder of why many corporations are reluctant to jump on the cloud computing bandwagon.
Outsourcing sensitive jobs can save money but also open up companies to more risk, because their data aren't entirely under their control. Another trend online is for Web-based services to streamline access by letting users log into each others' sites with the same usernames and passwords. Facebook and other services have begun to do this, raising possible security risks.
Security experts advise people to use unique, complex passwords for each Web service they use and include a mix of numbers and letters. Free password management programs like KeePass and 1Password can help people juggle passwords for numerous sites.
Andrew Storms, director of security operations for nCircle, a network security company, suggested choosing false answers to the security questions like “What was your first phone number?” or making up obscure questions instead of using the default questions that sites provide. (Of course, that presents a new problem of remembering the false information.)
For businesses, Google allows company administrators to set up rules for password strength and add additional authentication tools like unique codes.
The lesson from Twitter's latest security troubles is an old one: Use strong passwords, which include some combination of letters and numbers, and for companies, be careful about how many accounts are linked to the same username and password combination.


Clic here to read the story from its source.