Twitter Hack: The Danger of Chained Apps

Further complicating the problem is that any possible solution would likely solve only one interaction between two hosts. Sure, one vendor fixes the problem, but what about the other? Or all the popular e-mail hosts, for that matter? To solve the larger issue, all e-mail and password-resetting hosts would have to agree on a course of actions -- and that is unlikely to happen. Further, once that problem is fixed, hackers will just jump to the next weak link. Longtime readers know that the only solution I like is where the entire Internet is fixed. Outside of that, we're just playing whack-a-mole with point solutions that are never going to work .

Because that type of Internet protection doesn't exist, users must be ultimately responsible for closing any potential holes opened by old e-mail accounts. For one, don't reuse passwords between e-mail accounts and Web sites. Second, when you're finished with an e-mail account, delete all the messages (sent and received), though be sure to archive and copy what you need to keep. If you're an administrator, maybe it's time to share with end-users the risks of not properly cleaning up old e-mail accounts.

These examples of computer security interconnectedness show the difficulty of the task before us. It's not impossible, but there are no easy solutions. You have to be responsible and responsive, even when it isn't your company or vendor's sole fault.

Related content:

Report: Hacker broke into Twitter e-mail with help from Hotmail
'Hacker Croll' spills details to TechCrunch, the site that published internal Twitter docs

Fixing the Internet
Making the Net safe will require a global security "dream team" and a new security infrastructure service

Google Chrome OS can't be perfectly secure
Developing a bulletproof OS isn't possible, especially one that people will want to use

Subscribe to the Security Watch Newsletter

Comments