Twitter Continues to Be Caught With Their Pants Down


flee over at Fortify has an excellent analysis of the recent incidents with Twitter where very high-popularity profiles have been hijacked. The analysis is exceptional, but I have one question:

Does anybody take Twitter seriously? I mean... really?

Yes, certain brands use it as a means to remind deliberate followers that the brand is indeed still alive. In fact, is there really a better way to receive notification of the daily woot? But on the other hand, do followers really trust that Twitter has validated the authenticity of the people sending them tweets?

I suppose that, unfortunately, the answer is yes. Or to be more accurate, I suppose that users have not really thought about it. In fact, I suppose that a few security-savvy users depend on it, as Bruce Schneier thought it necessary to clarify that @bruceschneier is not Bruce Schneier. (Or at least not the Bruce Schneier that runs schneier.com.) And by not thinking about whether Twitter truly authenticates the source of tweets, users implicitly trust the source.

Expect to see a GPG plugin for laconica soon. (And yes, I do realize how silly a statement that is.)

And while you're here, be sure to subscribe to the Fortify Blog. Those are all folks who do development and security, and do them both pretty well.