PaulDotCom mailing list archives
Couldn't get much easier...big mistake.
From: dagershman_dgt at dagertech.net (David A. Gershman)
Date: Thu, 11 Mar 2010 20:43:02 -0800 (PST)
I regret very much sending the earlier email about the 'cs420' account on Twitter. I made the mistake of thinking members of this list are all honest security workers wanting to make cyberspace safer. After reading the replies to my email, I re-checked the account and found someone did in fact log in, post two "invalid" tweets, changed the avatar to something inappropriate, and changed the password. I'd like to think this happened as a result of this mailing list being indexed, and perhaps someone *off* the list found the information and harmed the account. However, the dates on the tweets are the same day of my original email. I have a difficult time believing any index engine could work that fast allowing the email to be seen by an ill-purposed individual in less than 7 hours. Yes, it's possible, just hard to believe. For the rest of you, those who do want to make things better and safer, learn from my mistake as I have. Unless you know every person you're communicating information to, and trust them, you must maintain caution with that which you communicate. In retrospect, if I did want to point out the flaw in tweeting a username/password, it should have been without giving the account name and only after informing the owner and/or Twitter admins. --David
Current thread:
- Couldn't get much easier...big mistake. David A. Gershman (Mar 11)