Twitter/Google Apps hack raises questions about cloud security.

Byline: jeevan@cpidubai.com (Staff)

Questions about cloud security and the feasibility of storing critical information in Web-based services are being raised in the wake of a hacking incident involving Twitter and Google Apps.

A hacker obtained and distributed more than 300 confidential documents pertaining to Twitter's business affairs that were stored on Google Apps.

Insufficient password strength has been pegged as a root cause, but industry observers are debating whether Google or Twitter is most at fault. "It's not clear to me whether it's a black mark on Google or a black mark on Twitter at this point," says Pund-IT analyst Charles King.

[...] to Gmail and Google Docs," Wenger writes in a blog post. "The threat of access by a third party increases exponentially with the move to the cloud, because the machines that now contain the documents and the links to those documents (as sent by e-mail) are accessible to the Internet at large. With anybody with an Internet connection potentially being able to access, a simple username/password scheme is clearly insufficient for authentication. This is especially true given password reset mechanisms based on 'canned' questions with easily guessed answers."

Wenger goes on to suggest a two-factor security system utilizing text messaging, in which a user receives a text with a secret code after inputting a username and password.

"I am hoping that nothing worse than the Twitter breach has to happen before providers such as Google and Microsoft will offer stronger authentication as an option," Wenger concludes.

Another venture capitalist, Michael Eisenberg of Benchmark Capital, offers his take that customers need to be wary of using Google to store critical documents.

"The bottom line is that many startups and an increasing number of large companies are using Google Apps for critical company documents. Most of them think that they are living securely. They are not," Eisenberg writes.

Eisenberg cautions customers to examine security procedures and document storage policies of cloud providers. "While Twitter thought they were secure and [that] they had outsourced their security to Google, in reality they were exposed," he writes.

The Twitter breach came to light Tuesday when TechCrunch reported that it had received a zip file containing 310 confidential Twitter documents, including "executive meeting notes, partner agreements and financial projections to the meal preferences, calendars and phone logs of various Twitter employees."

TechCrunch says the documents came from a hacker who calls himself "Hacker Croll." This hacker has also reportedly compromised Twitter accounts of celebrities such as Britney Spears and Ashton Kutcher, and Twitter CEO Williams.

Ultimately, users have to be responsible for the strength of their own passwords, King says. But vendors can play a role by offering stronger authentication systems, he notes.

"To their credit I think some vendors have been more insistent about users supplying better passwords than their names spelled backward, or their birthday, or ABC and 123," King says.

Burton Group analyst Dan Blum says customers should be wary of cloud services that rely primarily on passwords without other controls, such as device identification, or locking out users who type incorrect passwords several times in a row.

"I wouldn't store sensitive documents in a cloud-based service unless I had a lot of confidence in the specific service," Blum says. "I'd hold them to the same standards that you hold for your own internal applications. If you expect your internal applications to be accessed only through two-factor authentication then the cloud should be at least as secure as that."

Copyright 2009 IDG Middle East. All rights reserved. Provided by Syndigate.info an Albawaba.com company