Updates to Anti-Social Media
Lots of commentary this week on Twitter’s mishaps with our credentials:
- Twitter: Keeping your account secure – “Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.”
- Graham Cluley: Yes, you should change your Twitter password – but don’t panic – “THE SKY IS NOT FALLING. BUT DO CHANGE YOUR TWITTER PASSWORD.”
- ESET: Twitter advises all users to change passwords after glitch
- Brian Krebs: Twitter to All Users: Change Your Password Now!
- Help Net Security: Twitter reveals security blunder, asks users to change their passwords
- Sophos: Twitter admits to password storage blunder – change your password now!
- And some relevant thoughts from ESET on/around World Password Day: Recycling is a must, but why would you reuse your password?
- Twitter: No big deal, but everyone needs to change their password – “Biz does a GitHub, downplays security blunder as log file of credentials left unencrypted”
The Register: Google will vet political ads to ward off Phantom Menace of fake news – “Mountain View’s Empire Strikes Back against election meddling”
And The Register again, on old favourite Facebook: Time to ditch the Facebook login: If customers’ data should be protected, why hand it over to Zuckerberg? – “How The Social Network and its partners use that info is a total black box”
Help Net Security: Organizations should not overestimate the short-term benefits of blockchain
The Register: Fresh fright of data-spilling Spectre CPU design flaws haunt Intel – “Chipzilla checking fresh set of CVEs in chip side-channel flaw”
And ESET’s resource article has been updated again: Meltdown and Spectre CPU Vulnerabilities: What You Need to Know
Many of the Things that crop up on this page are indeed necessary. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.
Sophos: Half a million pacemakers need a security patch – refers to the FDA-approved firmware patch for Abbott pacemakers. “In September 2016, the company sued Internet of Things (IoT) security firm MedSec for defamation after it published what St Jude said was bogus information about bugs in its equipment … security consultants at Bishop Fox confirmed the validity of MedSec’s findings. The company begrudgingly stopped fighting and litigating and issued security fixes.”