Sean Michael Kerner Blog
Twitter hack was wrong - where have ethics gone?
From the 'shaking my head in disbelief' files:
Reports are out that a hacker broke into the personal files of Twitter employees by way of password guessing, then sent those files to popular tech site TechCrunch, where some of them have been published.

What's wrong with this picture? If someone broke into your house, stole your bank statements and sent them to a media outlet, and they were then published, wouldn't the police be involved? Was the information illegally obtained? If you access an email account that isn't yours (by brute force or otherwise), isn't that a crime?

Officially speaking, Twitter has stated that: "We are in touch with our legal counsel about what this theft means for Twitter, the hacker, and anyone who accepts and subsequently shares or publishes these stolen documents. We're not sure yet exactly what the implications are for folks who choose to get involved at this point but when we learn more and are able to share more, we will."

Now if the hacker had simply posted the information on some random web address - then directed media (TechCrunch or otherwise) to the site - that might be a different story. Then there is an arm's length (possibly) distance, the info is already public and the media still might have an ethical question - but at least they are not directly complicit in the distribution of data that could well have been obtained through illicit means.

The password guessing hack isn't a new approach though - remember Sarah Palin got nicked by the same approach - and overall this incident underscores the need for stronger passwords. It also underscores the need for some other mechanism beyond just passwords to secure sensitive data. There should be multiple layers of passwords and/or some form of two-factor authentication to access sensitive data.

The fact that the password was easily guessable does not make the hack right - it just makes it easy. If you leave the keys in your car and the door open and someone steals your car - it's still a crime - though it is one that is preventable.
1 Comment
You are correct in stating that "The fact that the password was easily guessable does not make the hack right - it just makes it easy", however the problem here is that the problem goes well beyond passwords and password strength. Social networks have also made easy the ability to crack commonly used "Challenge Questions" as well because frequently your first pet's name, your school, and other sorts of information that goes into comprising these questions is readily available online. Paris Hilton is another classic example of these types of challenge questions going terribly wrong as a security mechanism. You could give wrong answers to these questions, but then you are tasked with having to remember the wrong answers that you gave :)
Passwords generally exist to protect users from other users. Most hackers are using application level attacks now to compromise systems. If they have a password, it just provides a lower barrier of entry with which to compromise a system, but in many cases if you compromise an application level vulnerability you will end up with a more trusted level of access than if you compromise a more restricted user account.