Is it enough to simply secure user access?


Is it enough to simply secure user access?

  • By Matt McInnes
  • 1 Tags

There have been some widely publicised security breaches recently and it seems hacking groups are moving into the realm of online rockstars, which will only increase the frequency of this type of breach.


One we want to focus on today is the July 4 attack on a Twitter account at Fox News in the US.

If you’re not familiar with the incident, hackers gained access to the Fox News Politics Twitter account and posted messages announcing the assassination of President Obama (which are completely untrue, but particularly emotive). Fox News have since removed the tweets from their timeline.

The incident highlights some of the risks involved with the growth of cloud based software as a service (SaaS). Businesses are no longer responsible for the end to end security of software (that is outsourced to Twitter in this case) and the best you can do to control access is use a particularly strong password that is changed regularly. In a large business like Fox News, there may be multiple people that require access to the one Twitter account. If a strong password is maintained and changed regularly, this password then needs to be shared between multiple people, meaning there will be a process to inform the relevant people of any new password.

While on the surface it appears that the Twitter account password was guessed (maybe using some sort of brute force attack), perhaps the process to inform different groups of an updated password was where the attack actually originated. One example of this may be someone masquerading as a Fox News staffer requesting the Twitter password over the phone. If the person on the end of the phone fails to follow due process to verify who they’re speaking to (perhaps due to a perceived urgency to post something), the password could be handed over to a non approved user.

Why would a car thief break into a car when someone will happily hand them the keys…?

If you’re thinking about how cloud based applications or infrastructure can benefit your business, arrange a time to discuss your particular requirements with one of our consultants.

Linkedin Twitter Facebook Digg Delicious Reddit Email

CATEGORIES Uncategorized