Join The Discussion

 

Super PAC Men: How political consultants took a Fort Worth oilman on a wild ride

The head of a Texas oil dynasty joined the parade of wealthy political donors, aiming to flip the Senate to Republicans. By the time consultants were done with him, the war chest was drained and fraud allegations were flying

read more >

Bridge collapse on I-35 north of Austin

SALADO, Texas (AP) — Emergency crews are responding to a reported bridge collapse along an interstate in Central Texas.

read more >

Latin-inspired restaurant set to open in downtown Fort Worth

Downtown Fort Worth’s dining scene is about to get spicier with the opening of a new restaurant featuring Latin-inspired coastal cuisine.

read more >

Amazon begins Prime Now program in Dallas area

If you just have to have it now, as in one hour, you can, at least in the Dallas area, as Amazon.com Inc. announced Thursday it will offer Prime Now.

read more >

Texas jobless rate falls as employers add workers

Texas unemployment fell to 4.3 percent during February for the sixth straight month of declines, the Texas Workforce Commission reported Friday.

read more >

 

AP hack proves Twitter has a serious cybersecurity problem

 

Julianne Pepitone

NEW YORK (CNNMoney) -- If Twitter needed any more evidence that it has a serious security problem, this should do it: Stocks plunged sharply on Tuesday after a hacker accessed a newswire's account and tweeted about a false White House emergency.

The shocking tweet came from the Associated Press earlier this afternoon: "Two Explosions in the White House and Barack Obama is injured."

The AP's communications team quickly tweeted from its own account that the main AP Twitter was compromised, but investors had already panicked. The Dow Jones industrial average immediately plunged by more than 140 points.

And there it is: After years of hacks that typically involved little more than obscene language, Twitter's subpar security measures have now caused serious real-world consequences.

Many hacks happen when account owners use guessable passwords or access Twitter over public Wi-Fi and shared computers. If one person who tweets from a corporate account loses his or her phone, an entire corporation's Twitter account could be at risk.

While Twitter can't control those issues, critics say the company could do more to prevent them.

Security pundits have called on Twitter for years to beef up its security using simple methods: Sharply limit the login attempts allowed from a single IP address. Let only one person access a Twitter account at a given time.

Ideally, Twitter would employ a "two-factor authentication" login method. It's a basic security tool already used by Google, Facebook and Dropbox that requires both a password and a piece of data, such as numbers sent via text message.

Twitter began posting job listings earlier this year for engineers to work on two-factor authentication. The posts came after Twitter's own systems were hacked, and the attackers gained access to usernames as well as encrypted and randomized passwords for about 250,000 users.

But job postings don't mean much until serious changes are implemented. Meanwhile, the hacks have continued. News organizations are a particularly attractive target thanks to their reach and influence.

The Twitter accounts of CBS' 60 Minutes and 48 Hours were compromised over the weekend. In July 2011, News Corp.'s Fox News account -- followed by more than 2 million people -- was hacked in and tweeted that President Obama had been assassinated.

That same month, eBay's PayPal United Kingdom Twitter feed was hacked, and the profile photo was changed to a pile of excrement. Comcast's NBC News account was also compromised two months later, falsely tweeting that a plane had crashed into the Ground Zero area of Manhattan.

In February of this year, both the Burger King and Jeep Twitter accounts were hacked during the same week.

It's unclear what, if anything, Twitter plans to change. As always, a company spokesman said, "We don't comment on individual accounts for privacy and security reasons."

So far, Twitter has put the onus on brands to ensure they're being smart about choosing and sharing passwords. Following the Jeep account hack earlier this year, Twitter tweeted a link to a "friendly reminder about password security."

Twitter can tweet about best practices all it wants, but that approach clearly isn't working. When hacks do happen, the company does a good job of restoring compromised accounts typically within a few hours. But as the AP hack proves, these attacks can have damning real-world effects.

< back

Email   email
hide
Catch
How 'bout them Cowboys?