3 things we can learn from the Twitter security flaw


According to the official Twitter blog, the cross-site scripting programming error that allowed the recent mouseover exploit had been “discovered and patched…last month”.

Twitter stated that the flaw was then reintroduced by a recent site update. Based on a report from guardian.co.uk, two developers, the Japanese developer Masato Kinugawa and the Scandinavian developer Magnus Holm, were (separately) experimenting with the flaw when things got out of control. The flaw was eventually identified and exploited by more nefarious characters. Aside from serving as a reminder that the Internet can be a dangerous place, what other lessons should organizations take away from this?

  1. The importance of a solid change management (and revision control) process – While no person is infallible and no process is perfect, the fact that the update reintroduced a previously fixed vulnerability should have been caught.
  2. It’s not always the bad guys that get you – While you can argue that they were acting irresponsibly, it doesn’t appear that Magnus and Masato intended to do harm. Our organizations are filled with people (even in the IT dept.) who are “just curious”, or “in a hurry”, or “didn’t realize it would do that”.
  3. The fragility of the Internet ecosystem – This is a reminder that any one of the hundreds of thousands of services and systems that we have come to rely on is susceptible to human error.
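As an added illustration of the first point (this is example code, not code from the post or from Twitter), here is the kind of regression test that catches a re-introduced fix: it pins the original attribute-context XSS bug, fails against the build that interpolates a URL into an attribute without encoding, and passes against the encoded one. The renderer, markup and inputs are all constructed for the example.

```python
"""Added example: a regression check pinned to an attribute-context XSS fix.
All markup, function names and inputs here are constructed, not Twitter's."""
import html
from html.parser import HTMLParser


class AnchorAttrs(HTMLParser):
    """Collects the attribute names the browser-side parser would see on <a> tags."""

    def __init__(self) -> None:
        super().__init__()
        self.attr_names: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.attr_names.extend(name for name, _ in attrs)


def render_link_regressed(url: str) -> str:
    """The bug: the URL is interpolated into the attribute without encoding."""
    return f'<a href="{url}">{url}</a>'


def render_link_fixed(url: str) -> str:
    """The fix: attribute-context encoding (quotes become &quot;) before interpolation."""
    safe = html.escape(url, quote=True)
    return f'<a href="{safe}">{safe}</a>'


# Pinned when the bug was first fixed. The list only ever grows, so a later
# site update cannot quietly bring the bug back without failing the build.
REGRESSION_INPUTS = [
    'http://example.test/" onmouseover="alert(1)',  # constructed quote breakout
    "http://example.test/path?a=1&b=2",             # benign URL must still render
]


def passes_regression_suite(render) -> bool:
    """True only if every pinned input yields an <a> carrying href and nothing else."""
    for url in REGRESSION_INPUTS:
        parser = AnchorAttrs()
        parser.feed(render(url))
        parser.close()
        if parser.attr_names != ["href"]:
            return False  # an extra attribute means the quote escaped the value
    return True


if __name__ == "__main__":
    print("regressed build:", passes_regression_suite(render_link_regressed))  # False
    print("fixed build:", passes_regression_suite(render_link_fixed))          # True
```

Wiring a check like this into the deploy pipeline is what turns "we fixed it last month" into "it cannot ship broken again".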