Google+ tips and tricks Facebook should use
Good Gear Guide
Right now, I have all kinds of lists in Facebook--Family, High School, Air Force, Infosec, etc.--which help me cut down the noise on the incoming stream by letting me view individual lists, but when I write my own post I can only choose between ...
by Robert Westervelt
FoxNews.com and PayPal UK Twitter accounts get hijacked by anonymous groups.
Hackers took control of two prominent Twitter accounts recently, posting false messages to followers of the accounts of FoxNews.com and PayPal UK.
Two anonymous hacking groups claimed responsibility for the attacks. One group posted six false messages on the FoxNews.com account, giving followers a phony news item that U.S. President Barack Obama had been shot dead. The move reportedly prompted an investigation by the Secret Service.
News Corp, acknowledged that the account had been hijacked and removed the false messages. A Fox News spokeswoman said Twitter suspended the account once the account hijacking was detected.
Like many news organizations, accounts to Twitter, Facebook and other social networks are often shared between editors. Security experts said the attacks highlight the need for better password management. Twitter told Reuters that it monitors its systems to detect brute-force log-in attempts, but compromises due to “off-site behavior” can still take place.
PayPal U.K had its account hijacked late Tuesday. The account has about 17,000 followers. The messages appeared to come from an angry customer who sent out a message: “PAYPAL FROZE ALL MY MONEY FOR NO REASON…” PayPal reportedly confirmed that its account was hijacked. The messages were deleted by the company.
The two groups involved are from the so-called “anti-sec” hactivist movement.
Chester Wisniewski of security firm Sophos said the password problem stems from organizations giving access to the account to multiple employees. The passwords are typically easy to guess and are often stored on the computers used by the employee and in some cases are frequently emailed.
“Most social networks were designed for use by individuals and don’t offer enterprise-grade security options with granular permission controls. If the password is shared with enough people, someone will misplace it or use something “everyone can remember.”
Attackers also take advantage of password reuse, Wisniewski said. People often use the same password for multiple accounts. Once one account has been compromised, an attacker can attempt to gain access to other online accounts. If the attacker can also obtain the victim’s email address, they can also attempt to reset the password, he said.
A number of password management tools exist to help users follow better password practices. I wrote about the password management tools in February after attackers stole account credentials from users of a popular torrent site for movies to gain access to their Twitter account for spamming.
Poor password use at Twitter
Twitter expects its users to better protect their account credentials, but the company has also been the victim of poor password practices. Twitter has had to deal with a myriad of security issues ever since its service grew in popularity. In 2010 the social networking giant settled Federal Trade Commission charges that it deceived consumers and put their privacy at risk.
The charges stem from incidents that took place between January and May 2009, when hackers gained administrative control of Twitter and were able to view nonpublic user information, gain access to direct messages and protected tweets and reset any user’s password and send authorized tweets from any user account. Those security lapses were the result of employees storing admin passwords.
Google's public-only, profile policy: An opportunity, not a punishment
Geek Shui Living
From an Infosec standpoint, full disclosure of your information on any site, to include those with supposed 'private' profiles, is never recommended. Whether publicly available on the web or hidden from general view, the data you input and files you ...