2022-09-05 00:00:00


What small businesses and homes can learn from the Twitter whistleblower

One of the last big decisions Jack Dorsey made before handing over Twitter's CEO responsibilities to Parag Agrawal was to hire a cybersecurity expert to fix the company's numerous security problems. Peiter "Mudge" Zatko accepted Dorsey's offer and took the job. After getting to know Twitter's IT operations, he realized he had discovered a house of horrors (from the cybersecurity perspective). In August 2022, Mr Zatko published a 200-page report in which he bluntly outlined what was wrong at Twitter. Multiple U.S. authorities are also studying the report, and deeper investigations are expected. We studied the uncovered information to learn how small businesses and home computer users can avoid the mistakes Twitter has made.

The key security points that small businesses and home computer users should take away from the Twitter whistleblower report are responsibility, planning, licensing, and action.

Responsibility

Take true, honest responsibility for all the computers, connected devices and networks you have. When (not if, but when) something goes wrong, such as a ransomware attack that locks all the data on your servers, or someone walking out with the hard disk that contains all the sensitive data, you are responsible for the recovery.

It looks like people in the Twitter organization knew about the security problems but carried on, avoiding responsibility and avoiding taking action. In cybersecurity, the key factor is that each and every person behaves responsibly when he or she encounters a phishing attempt or a click-this-link request, or is thinking of skipping a security update.

Planning

Twitter is a large organization with about 8000 staff that should have a concise plan for how to prevent cyber attacks. Since we know that no one can prevent all attacks, it is also important to have a plan for how to recover from security breaches. The faster you recover from a disaster, the faster life returns to normal. Don't be like Twitter: create your plan by starting from the assumption that you have been hacked. It is an eye-opening exercise.

Licensing

Practically all large organizations are already applying artificial intelligence (AI) and machine learning (ML) to their business processes, Twitter among them. For instance, my Twitter account has been locked a few times by a stubborn AI algorithm that believes I have broken the service's Terms of Service. An email message to support asking them to unlock the account works instantly - no questions asked. I think the only objective for locking the account is to probe if I am a bot.

Anyhow, the whistleblower report claims that Twitter is using machine learning data models and data sets that the company hasn't licensed for their applications. This is a huge risk for a business to take. Ensure all software running in production has been licensed. Even open source software packages should be checked.

Action

It is a miracle that Twitter has managed to keep operating without more major security incidents than the ones reported earlier. The whistleblower report describes how half of the company's servers are running outdated software without any active update processes enabled. The same applies to employee laptops. The company has no redundancy plans to continue operations if, for instance, an entire data center fails. Half of the engineers have access to the production system and its data, and there is no way to track if someone does something they shouldn't. Twitter's security and privacy problems discovered in 2011, and sanctioned by authorities, hadn't been fixed by 2022.

Small businesses and home computer users can easily do better than Twitter. Simply take action and ensure the vital first steps in every cybersecurity plan have been completed: automatic updates are working, automatic backups are taken, attack prevention is running, recovery processes have been tested, and a redundancy plan describes how to continue emailing after production accounts have been locked (among other things).

Mr Zatko published his Twitter whistleblower report in August 2022. Its key points have been covered in many publications, which is why we haven't dived into the details of the paper. Read, for instance, the Slate or CNN articles, both of which explain the essence of the report.
