A month of insights?

A group of security researchers have declared, that they will use the month of July to list, or is that ‘out’, security holes in Twitter. They justify it as an attempt to get Twitter to move more quickly to improve security. To be fair to Twitter, they do recognize the issue and have been active in closing any ‘holes’. At the same time, they as trying to  hire into the company security developers, if postings on recruitment sites are to be believed.

When they created Twitter, I am far from sure that the founders could have predicted just how quickly and widely it would be used and adopted. It is therefore hard to foresee security issues given this context. The month of bugs is effective in bringing focus and coverage to the issue. As to whether it makes the application safer, this will depend on how quickly and effectively the ‘holes’ are attended to. Importantly, in the medium term we need to see how it influences the development and testing of future applications.

In the meantime, what does this mean for us as users of the service? Well, firstly it does remind us that we do need to be mindful of security. The bad guys follow the crowds and they are flocking to micro-blogging sites like Twitter. You need to ensure that your security product is updated (we are releasing a steady stream of definitions and updates that help mitigate the ‘holes’. Install Windows and other updates from the key application software providers. And be careful of the links sent to you in Twitter. The short-form URL’s bring with them convenience, but they can be equally convenient for the bad guys.

July 7, 2009 | Filed Under Security 

comments

Leave a Reply