Dear Reader,
For anyone who did not spend the past month under a rock, it was hard to escape the news about Elon Musk’s Twitter takeover and the chaos that followed. In this month’s newsletter, we do not revisit questionable management decisions or speculate over the fate of the social network. Instead, we take a look at the associated security risks for Twitter users and a possible alternative.
Chief Security who?
Following the layoff of approximately 3700 employees shortly after the acquisition, Twitter’s Chief Information Security Officer, Chief Compliance Officer and Chief Privacy Officer all resigned from their posts within a few days. While these are by no means the only departures from Twitter’s leadership, they do raise the question of how well security, privacy, and compliance are catered for at a time when the platform and the company as a whole are undergoing massive change.
Things start crumbling
Shortly after, unsurprisingly, Twitter users began complaining about certain features of the platform failing. One of them was the delivery of Multi-Factor Authentication (MFA) codes, a crucial security feature to prevent account takeover, which were no longer delivered reliably. Lest we forget, aside from its microblogging service, Twitter has also established itself as a popular identity provider, allowing users to log in to other sites using their Twitter account – a practice that one might want to reconsider.
Don’t fall for scammers
Given the speculation about new Twitter features and its revamped blue checkmarks, it was only a matter of time until scammers used it to their advantage. Sure enough, phishing emails promising recipients verified account status for free started showing up. As highlighted before on Cybersecurity Magazine and in this newsletter – always stop and think before clicking any suspicious links.
Looking for alternatives
Thanks to the ongoing Twitter debacle, its alternative Mastodon is gaining massively in popularity. While Mastodon is already a very popular project among security-minded folks, you should know what you are getting into before changing platforms. Thankfully, Graham Cluley put together a short summary of Mastodon’s security and privacy features for newbies.
Still working out the kinks
As part of its new-found fame, Mastodon is now also getting increased attention from security researchers. One hopes this is ultimately beneficial for Mastodon, as more eyes take a look at its open-source codebase and vulnerabilities get fixed faster. However, given the federated nature of the platform, the security of users’ data crucially depends on the operator of the instance.
Finally, check out our latest podcast episode, where we talk to leading expert Adam Shostack about threat modelling.
-----------------
For our latest video discussion on the security and production systems, please see the River Publishers YouTube channel.
The latest journal articles from River Publishers in all areas of cyber security can be found on the River Publishers website.
https://cybersecurity-magazine.com/
https://www.linkedin.com/showcase/cybersecuritymagazine
@magcybersec
https://www.facebook.com/Cybersecurity-Magazine-100535232117942