Wednesday, January 7, 2009

If you let them, humans will mess it up

If you're not thoroughly convinced that humans are in fact the weakest link in any system, then take a look at the entry point of the Twitter attack.

The [compromised] user turned out to be a member of Twitter's support staff, who'd chosen the weak password "happiness". full article
Really? The password of someone with admin privileges was the word "happiness"? I can only shake my head in amazement. So there you go: if you think for a second that your internal users are "trusted" or "responsible" in terms of security, then just wait. Your turn for the front page will come around.

-Michael Coates