Monday, September 26, 2011

Script Kiddies new victim: USA Today

At least when The Script Kiddies hacked USA Today's Twitter account, they did not spread rumors about a false terrorist attack. But still, hacking is hacking in the eyes of the FBI. (Not to mention the owners of the hacked accounts).
Groups like this really should have no second chance though. Twitter should have shut down their account after the 9/11 hack. Also Twitter is a bit loose on security. It is questionable who has account credentials once a user clicks allow for a third party program to gain access to the account. Also it appears to be too easy to take over someone's Twitter account. Think about how many times in the past year a Twitter account has been compromised and talked about in the news. It happens less with Facebook. Facebook takes great measures to provide security to deter hacking attempts. If Facebook sees unusual activity on the account (ex: a login which is usually coming from Boston comes from Japan in the same day), they will suspend the account. In order to use the account again, the user must give backup information that Facebook has on file in order to prove maintain integrity, and the user is forced to reset the password.
Twiter does not have this. When thinking about this, it did not make sense for Twiter not to implement this security on the accounts. In profile settings in Twitter, there is a tab for mobile. This tab is for allowing or not allowing mobile alerts. Why not have the users enter in their cell phone number, but they can still have the option to not allow tweets on their mobile phone? This way, if there is unusual activity on their account, Twitter has their phone number and can at least send them a text message alerting the user. This way, the user can take appropriate actions in order to have Twitter suspend the account for their protection or let Twitter know everything is ok.
While the social network sites compete with each other to have the biggest user base, it would be beneficial if they all were mindful of security and implement it to however it may fit into the user experience they provide.

No comments:

Post a Comment