Friday, September 9, 2011

NBC Twitter account

Hi folks,

So, today, in an (impressively successful) attempt to prove how irresponsible some people can be, some morons calling themselves ScriptKiddies managed to sneak into NBC's Twitter account, and posted fake alerts about a hijacked plane crashing into the World Trade Center site.

It's not clear how they got in yet, but I have a feeling it was password re-use. Yes, I know the password might have just been phished, and I know it might have been a weak password which was guessed, but I doubt that it was brute-forced, as Twitter learned that lesson years ago.

Entirely too many people use just one, or a few, passwords for all their web access. There are simply too many places we log in now, and if one falls, they all fall.

There are three lessons from this:

(1) Don't take Tweets too seriously. People do get their accounts nailed from time to time.
(2) Subscribe to multiple sources. If something important does happen, multiple sites will report it.
(3) Most importantly, please use one password or passphrase per site, and either write them down and keep them in your wallet or use some password-keeping software. Don't re-use passwords.

Password re-use is your enemy.


