Twitter security noticeboard

March 22, 2016 - All, Security, Security Advisory

Ten years ago, Jack Dorsey, Noah Glass, Biz Stone and Evan Williams founded Twitter. Little would they know of its impact, its popularity and its usefulness to people the world over.

As its celebrates its 10th birthday, we take a look at things from a security point of view with our ‘noticeboard’ feature. Here’s to 10, 20, 30 and many more successful years of tweeting.

A space for cybercriminals to exploit

For the all the brilliance of Twitter, there are, somewhat unfortunately, shortfalls – enterprising cybercriminals not only use the social network as a publishing platform (when releasing information from a data breach, for example), but also as a way of exploiting people and organisations.

A recent case involves Josh Holz, whose Damn Daniel viral became the latest internet sensation. His account was compromised, with the attacker posting racist videos. Not so long ago, towards the end of 2015, the social network was compelled to send out a warning to users that their accounts may have been attacked by ‘state-sponsored actors’.

As such, there is a lot to be concerned about – see also the threat posed by scammers – but if you follow best practice and remain vigilant, there’s no reason why you can’t, for example, spot a fake account from a real one.

5 most followed security professional gems

By no means a comprehensive list, but the five names documented below are some of the best known in the security industry.

Who: Brian Krebs, independent investigative journalist

Bio: A former Washington Post reporter, Brian Krebs has carved out a successful career as an independent security journalist. He’s a trusted source and known for getting scoops.

Followers: 131K

Who: Bruce Schneier, cryptographer and security technologist

Bio: A prolific author – he’s penned 13 books – Bruce Schneier is a highly active, respected and visible ‘security guru’.

Followers: 81.1K

Who: Dan Kaminsky, security researcher

Bio: Know as the guy who ‘saved the internet’, Dan Kaminsky has established himself as one of the foremost security experts in the world. When he’s not busy at White Ops, he’s advising Fortune 500 companies.

Followers: 50.5K

Who: Graham Cluley, computer security expert

Bio: A regular We Live Security contributor, Graham Cluley is a seasoned professional who delivers straightforward, insightful and informative news and advice into the latest threats.

Followers: 44.6K

Who: Leigh Honeywell, security engineer

Bio: A security engineer at the communications enterprise Slack, Leigh Honeywell is one of the industry’s most eager users of Twitter and champion of equality and diversity in the industry.

Followers: 15.9K

The most popular ways that hashtags that are used

When it comes to information security, for wider audiences, the most successful hashtags used are of the most visible terms in this space. The wider public is, after all, still getting used to the idea that cybercrime is not only here to stay, but that it is also expected to extend its reach further and further.

So, accessible hashtags include, for example, #cyberattack #cybersecurity #databreach #malware #ransomware #ddos #trojanhorse #privacy #datatheft and #encryption.

These hashtags tends to be used in conjunction with more specific hashtags (which is especially useful to professionals). So, take Cryptowall, a type of ransomware. ESET recently published a tweet in which it used #cryptowall and #ransomware in its messaging, demonstrating this approach.

A social network that ‘thwarted’ Heartbleed

Heartbleed, once described as the “security bug that affects most of the internet”, remains one of the most serious vulnerabilities ever found. Its reach was wide, affecting the likes of Yahoo, Google, Amazon and Flickr.

Twitter, however, was one of the few that managed to evade the malicious grip of Heartbleed, stating that “ and servers were not affected by this vulnerability”. Its users were lucky (note, it did later advise they change their passwords, to be on the safe side).

Author , ESET