security and web 2.0

In Web 2.0 & all that on April 28, 2009 by Danielle

In light of the upcoming web 2.0 open session at CILIP headquarters tomorrow, I thought I should have a look at a document featured in UKeIG’s Elucidate–Top web 2.0 security threats.

This paper mentions that a hacker used a ‘brute force dictionary attack’ to hack into Barack Obama’s Twitter account and 32 others. These attacks succeed because “people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit.”

Basic passwords are easy to hack–nothing new, and something that is related to the perceived desirability of hacking in–I doubt Cilip’s future Twitter account would ever be hacked.

The real danger to Cilip, in my opinion, is one that Facebookers are familiar with–that bit of news your friend posted to your wall that was a secret and is now widespread knowledge. Although, I think this can only help a group like Cilip that has struggled with marketing and even keeping its active members in the loop.

This paper suggests that the big picture of employees and job titles on a site like LinkedIn can be detrimental as this information can be used to launch a social engineering attack, for example.

The security paper was methodical but not terribly forward-thinking. What of the accuracy of Twitter and its associated trending tools? If I have a tweet that has nothing to do with swine flu, for example, maybe I will throw in #swineflu just to get more followers by: (a) coming up in more search results and (b) appearing in tools like monitter (a search engine with an ever-updating display to let you monitor the ‘twittersphere’).

A recent article in the Guardian suggests that web 2.0 is dangerous during an epidemic:

The web is famously treacherous as a self-diagnosis tool; a perfect example of how a little information can be dangerous; some Twitter users have been spreading message about not eating pork (it’s not possible to catch swine flu from eating infected meat).

We are taught to consider both context and the authority of the source when evaluating information. On Twitter, however, there really is no context as information comes in 140 character bursts, and, as the Guardian article points out, can we really trust somebody named @budgiebreath to point us the right way?

Some have perhaps benefited by presumably choosing quality information sources to monitor. Veratect, a biosurveillance company, claims to have alerted the CDC about the flu before authorities in Mexico declared there was a problem, according to Wired.

