Comments on: Tallying Twitter’s Application Security Best Practice Violations

By: Zero in a bit » How To Protect Your Users From Password Theft

Zero in a bit » How To Protect Your Users From Password Theft — Mon, 26 Jan 2009 20:49:49 +0000

[...] you’re rethinking password storage, it might be a good time to consider other common flubs such as password complexity and brute-force [...]

By: coffee buzz

coffee buzz — Sat, 10 Jan 2009 03:46:26 +0000

did the Twitter Admin change his password to “sadness” after he was hacked? haha… ok not funny

By: Google inurl: still the quickest way to find 216 million flaws « omg.wtf.bbq.

Wed, 07 Jan 2009 17:40:45 +0000

[...] you sent them and hijack their identity and, most likely, their Twitter account because apparently they take security lessons from Oracle, which, for the uninitiated, is like taking gun safety lessons from Plaxico Burress (my 2nd round [...]

By: Chris Eng

Chris Eng — Wed, 07 Jan 2009 16:10:42 +0000

Fair point, but look at the chaos that ensued a while back when someone posted a fake news item on CNN's iReport about Steve Jobs' health? And that was just some Joe Schmo, not even masquerading as an official news outlet. How much worse would it be if that had been posted on an official source such as @cnn, @nytimes, or even @foxnews? Or all three at the same time? Twitter stopped being "just a toy" when corporations, celebrities, political figures, news outlets, etc. started using Twitter and other forms of social media as an official PR outlet. Just because it's a free service shouldn't obviate the need for security. In this day and age, users expect -- and deserve -- a certain level of security and privacy.

By: Sven Türpe

Sven Türpe — Wed, 07 Jan 2009 11:27:53 +0000

Shouldn’t you mention that Twitter ist just a toy? Surely there are many things in the security text book that they could do. But would they make sense for a toy?