Back to qualys.com
1 post

Timely Password-Change Call from Twitter, as Bugs Hit WebEx and GPON routers

The cyber security news cycle is always active, so to help you stay in the loop here’s a selection of incidents that caught our attention over the past week or so involving, among others, Twitter, Cisco and GPON routers.

Twitter picks a good day for password-change call

As “change your password” calls from vendors go, the one from Twitter last week ranks right up there, and not just because of the scope of users involved. As Jon Swartz pointed out in Barron’s, Twitter’s alert went out on Thursday, which happened to be World Password Day.

The social media juggernaut reached out to all of its 330 million users and advised them to take a moment, go to their account settings page and enter a new password. Twitter also suggested they enable Twitter’s two-step verification feature, a move strongly endorsed by Forbes’ Thomas Fox-Brewster. In addition, Twitter recommended that users change their password on any other online services where they used their Twitter password. (It bears repeating: It’s a bad idea to re-use passwords.)

The reason for the brouhaha: An IT slip-up caused user passwords to be stored in plain text in an internal Twitter log. Twitter’s security policy is to instead mask passwords using the “bcrypt” hashing technique. That way, passwords are stored on Twitter systems as a string of random characters.

Continue reading …