‘Twack’ & Ethics
A recent cracking (illegal access to computer systems and data) of Twitter-related data-in-the-cloud (my term for data that is used and stored on a remotely hosted system) is in the news.
It seems that some bad person decided to guess the passwords of some users with Twitter relationships (employees or family members of Twitter employees). Several documents were ‘taken’ and then distributed to third-party technical news? Internet sites (some of the data reportedly included company plans).
Note that the company’s compute resources were not compromised (i.e. ‘hacked’ or ‘cracked’); the data was accessed simply by guessing a remotely hosted email/application password. There are numerous violations here – both ethical and possibly legal. The company is currently working on a legal response to third parties who accept and then publish these documents. Locating the cracker is a task for the authorities.
So, what sorts of questions might we all have about such an event?
- How would you react to someone taking your personal, possibly sensitive information and posting it publicly?
- Do the companies (web sites) who post such information have any ethical obligations when this issue arises? Do they have any sense of ethics?
- How do we prevent such abuses?
- How exposed are your businesses or your personal web-related, remotely-hosted accounts and services?
There are no simple answers. The world is full of wonderful, ethical people; the number of bad folks is relatively small, but their activities will continue to affect all of us. Some basic items to consider:
- for all of your email or Internet service accounts (banking, utilities, on-line stores, etc.) use strong passwords (use a combination of UPPER and lower case letters and numbers – don’t use anything that could be guessed by reviewing public information about you, your family or your business/work)
- limit the types of data that you store using data-in-the-cloud services (if appropriate and possible, encrypt such data)
- never share your passwords or other account access information
If you are in business then your CIO/CTO/CSO (or other responsible team member(s)) should consider these types of issues and put measures in place to reduce your exposure.
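The password rule in the list above (mixed case plus numbers, nothing guessable from public information) can be checked mechanically. The Python check below is an added example, not part of the original post; the substitution table, the 12-character minimum and the sample public facts are assumptions constructed for illustration.

```python
import re

# Undo common look-alike substitutions (0->o, 1->i, 3->e, 4->a, ...) so that
# "R3x" is compared as "rex". The table is an assumption, not an exhaustive list.
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lower-case, undo substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def public_tokens(public_facts, min_len=3):
    """Map normalized token -> original word for each word/number in the facts."""
    tokens = {}
    for fact in public_facts:
        for part in re.split(r"[^A-Za-z0-9]+", fact):
            if len(part) >= min_len:
                tokens[normalize(part)] = part
    return tokens

def check_password(password, public_facts, min_length=12):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:  # length threshold is an assumption, not from the post
        problems.append("too short")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    # Compare the password forwards and reversed against every public token.
    forms = (normalize(password), normalize(password[::-1]))
    for norm, original in sorted(public_tokens(public_facts).items()):
        if any(norm in form for form in forms):
            problems.append(f"derived from public information: {original}")
    return problems

# Constructed sample: facts an attacker could read from a public profile.
PUBLIC_FACTS = ["Jane Example", "Rex", "1975-03-14", "Example Widgets"]

if __name__ == "__main__":
    for candidate in ("R3x1975", "enaJ!Quartz88mist", "Maple7Harbor-Quilt29"):
        print(candidate, "->", check_password(candidate, PUBLIC_FACTS) or "ok")
```

Substring matching on short tokens can flag unrelated words, so treat a hit as a prompt to pick a different password rather than as proof of weakness.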
