Tuesday, July 5, 2011

You just can't believe everything you read

Hi folks,

Over the weekend, our friends over at Sophos noticed that Fox News got one of their Twitter accounts "hacked". The "hacker" posted four or five bogus tweets about the President being assassinated, over a ten-hour period, before the Fox guys noticed. I guess we could say that it took them ten hours to tweak that their tweets were being twampled. (Sorry)

Once they realized what had happened, they (presumably) changed their password, and deleted the dud tweets.

Their public response was that they had been "hacked", and they were demanding a full explanation from Twitter about what happened.

Well, I can tell you what happened. You weren't "hacked". Your person, or people, running that Twitter account got his or her password phished.

It hurts a bit, but it wasn't Twitter's fault, so there's no point in blaming them.

What it really underscores is the danger of password re-use. It's dangerous, and you simply must adopt the idea that you'll have one password per website that you want to use. If that's 50 websites, then you need fifty passwords. It sucks a bit, but the alternative is that if you only have a few passwords and one website fails, then all the other websites that password accesses are compromised.

Use a password manager, or even write them down and keep them in your wallet, but the rule has to be ...

No password re-use! Ever.

Keep safe folks,

Roger

2 comments:

Graham Cluley said...

Fair point - although we don't *know* yet that it wasn't Twitter's fault.

Chances are that it was sloppiness on someone at Fox's end of things which caused the account to be breached... but we have seen security lapses at Twitter itself before which have allowed bad guys to access accounts.

See http://nakedsecurity.sophos.com/2009/01/07/celebrity-twitter-accounts-hacked/ for instance.

Cheers
Graham

Roger Thompson said...

Oh yes, I agree, we don't know. Twitter has been smacked many times, but if it was a Twitter breach, I would have expected more than one shoe to drop. OTOH, given that it seems to be just one, over a period of 10 or so hours, Occam suggests it was a phish. Or a Man In The Middle on the one victim.