By Brian Czarny

This week it was impossible to escape the “big news” that Twitter got hacked. The French hacker, known as “Hacker Croll,” who made headlines back in May for a similar Twitter breach, was at it again. This time he managed to get his hands on at least 310 sensitive Twitter business documents by gaining access to an employee’s email account, subsequently using information found in that account to then access the employee’s Google Apps account to steal the confidential company documents. The hacker sent the documents to TechCrunch, who then chose to publish them along with an account of the breach.

This highly publicized breach got people talking, and ignited a wave of speculation about two things: first, about the security of passwords and how easy it is to guess the answer to someone’s security question based on publicly available information found on social media sites; and second, about the security of data stored “in the cloud” – in this case, Google Apps.

Oh no, the sky is falling!

Our data isn’t safe in the cloud!

On the second point, let’s not take this too far. This incident has little to do with the security of the cloud apps themselves. It is much more about the first point and the security practices that users of all Web sites and applications – whether they are banking sites, social media sites or cloud applications – should be employing in their day-to-day use.

The key learning end users should take from this incident is that password security is critical, both in terms of the passwords you choose as well as the amount of data you expose publicly through social media sites like Twitter and Facebook.

Twitter spells this out on its blog response and even Hacker Croll himself articulates that his intention is to teach people a lesson about the security holes in secret questions:

“What I would like to say is that even the biggest and the strongest do silly things without realizing it and I hope that my action will help them to realize that nobody is safe on the net. If I did this it’s to educate those people who feel more secure than simple Internet novices. And security starts with simple things like secret questions because many people don’t realise the impact of these question on their life if somebody is able to crack them.”

Continue reading →

By Andrew Brandt

Welcome, readers. I’m a member of the Threat Research team at Webroot, and I’ve been asked to contribute to Webroot’s new Threat Blog. I’d like to take a moment to introduce myself, tell you a little about what we do, and explain how we plan to use the blog to keep you informed.

Webroot’s threat experts are responsible for defining new malware, and variants of existing malware, that are being introduced every day. We spend the bulk of our time, to summarize in a massively oversimplified manner, breaking PCs by infecting them with Trojan Horse applications, virii, worms, rootkits, password stealers, and other malicious and undesirable software, then figuring out how to fix them again. We infect our PCs, over and over and over again, so you don’t have to; then we make sure Webroot’s products will protect against or remove the infections.

As you can imagine, our perspective on the front lines of Internet security gives us significant insight into the workings of these unwelcome software pests. And we’re now seeing an unprecedented volume of infected PCs and networks, and greater sophistication employed by those doing the infecting. We were compelled to create a vehicle to share that insight with the rest of the world.

My role is to serve as an information conduit between our malware, spam, and Web security experts and you, the reader. I and others will post details about the most dangerous and difficult security threats we encounter, and how to avoid them. We’ll also be sharing trending data we collect about spyware, computer viruses and other infections, and the origins of the infectious agents that propagate them. Our goal is to provide useful information that will, hopefully, help you protect yourselves from what seem — to us, anyway — like wave after wave of increasingly hostile, damaging, and obnoxious malware.

So, thanks for stopping by. We look forward to chronicling the threat landscape for you. Please add us to your RSS feed using the link that looks like a little billboard at the top of the page. And feel free to let us know what you think by sending your comments, questions, or requests to the address on the right side of the page.

Webroot Threat Blog – Internet Security Threat Updates from Around the World

WEBROOT – INSIGHTS INTO THREATS AND TRENDS FROM OUR INTERNET SECURITY EXPERTS

Tag Archives: technology

Introducing the Threat Blog

Follow “Webroot Threat Blog - Internet Security Threat Updates from Around the World”