Once Again, Social Engineering Proves Much Easier Than Real Engineering

      by Wyatt Walter

Whatever Twittercut was or wasn’t, it does seem to have proved, once again, an already-known fact about computer security: sometimes it’s easier to just ask someone for their username and password than to try to steal them. Twittercut was a service that several blogs and other sources have called a worm because of its use of viral social techniques to spread its popularity. The service was supposed to help you gain a large number of Twitter followers after you entered your Twitter username and password into it. This is no different from a lot of services out there for Twitter. However, when it started posting tweets in accounts, people got a little freaked out. Right or wrong, that’s what happened.

What’s important here, though, are the lessons learned. People, for some reason, seem to be all loosey-goosey about their credentials to services such as Twitter. This is okay as long as one isn’t terribly concerned about those credentials being stolen. However, if you maintain a single password for all (or even a majority) of your online accounts, this can be a devastating problem. Once inside your Twitter account, a “thief” can get your email information. Once again, not a huge deal unless your email account shares that password. If that is the case, then things get interesting. Access to your email can potentially be the key to breaking into other accounts that you hold. Why? Most online services allow you to fill in your username and have a password reset link sent to your email address.

Okay, so I took that much further than it was taken in this case, but often some of the most devastating worms are just that simple. Hopefully people who found themselves caught up in handing out usernames and passwords like they’re candy can get a little reality check after this scare.

Filed under Tech Trends : May 27th, 2009