General Politics Discussion VII [ARCHIVED] • Page 1415

oh. I thought I read it was someone getting some sort of admin password off of a slack.

still a pretty big lapse in judgement. Seems like there should probably be some security rules in place after a password reset that limit what you can do for a bit. at the very least something like "no access to DM history for the next three days" seems like it could've prevent something like this.

 

Eh, I reset my passwords every once in a while or when there's breaches or just on a schedule, I don't think limiting access to a service after a password reset is a good solution. Sometimes it's because access happened in a different way and you need to lock down an account, which would need full access to it.

 

For real. At my job, you have to submit a ticket (sometimes multiple) for production access, have multiple approvals from multiple higher ups, and then you're given temporary access for a couple hours. It can sometimes take days to get all the approvals. The fact that someone can just log into this dashboard without any sort of approval process is.. concerning from a major tech company.

 

Probably should depend on how a reset is requested. If its a simple "already logged in user clicks reset my password" then that's fine. If its "user doesn't have password but is able to reset via email" then maybe thats okay too but a short lockdown on more secure features like DMs seems like in order.

If they gotta hardcore email swapping/SIM swapping tactics... kinda feel like that should be a red flag something is up and it doesn't hurt to make the user wait a few days while you verify its really them

 

If that person meant that 4 more years of Trump and 8 years of an actual progressive might be more preferable than 12 years of Biden then Kamala, I could understand thinking that in a vacuum. It falls apart though because getting the 8 years of a progressive is far from guaranteed if Trump wins again and if there is a real progressive movement in Congress I think it could push Kamala left (she did say she supports Medicare for All because it was popular) and maybe even Biden if he somehow makes it past 4 years although that one is more doubtful on both issues. Still not much faith in this party no matter what but either way I have more hope in that scenario than what the country would look like after 4 more years of trump and then trying to win another primary and then general with a progressive.

 

If they had access to employees, dunno what waiting a few days would have done in this situation. The better answer is for don't use third party social networks for any sensitive information transfer. DMs ain't the place for anything you don't want to become public.

 

wait did they get access to the accounts cause the targeted the twitter employees and then used the twitter employees credentials to hack the accounts or did they just access the accounts directly?

seems like a lot is still unknown. hopefully Twitter will take the high road and eventually release a full recap of what actually happened

I'm also not sure I agree with "don't use third party social networks for any sensitive information transfer". Unless you're running your own email server, whatever you're using to transfer information is gonna be vulnerable to attack. And honestly unless you're some elite technical wiz, your personal server isn't gonna be more secure than something a third party can do for you. So how are people supposed to securely exchange messages?

 

iMessage or Signal would both be far better than Twitter DMS.

 

why though? why can't twitter put the same level of security into their dm handling that gets put into iMessage or signal? If Apple can get it right, Facebook and Twitter can too

 

Curious to what it says

 

Because they don't care about privacy. DMs aren't even encrypted by default.

 

but that's kinda my point. They should care about privacy. The problem isn't inherently using a 3rd party social networking site for your messaging the problem is 3rd party social networking sites not caring about privacy when they should.

 

If you know the networking sites are horrific at privacy, yeah, that's your problem to. Don't do it. It's a bad idea. They don't care about privacy. Don't use them for sensitive information.

 

"don't use third party social networks that don't have a proven track record of caring about privacy for any sensitive information transfer" is rather different from "don't use third party social networks for any sensitive information transfer"

 

They’re the same. None of them care about privacy. Don’t use them for sensitive information if you don’t want it to get out. Basic security principle, 101 shit.

 

Over here laughing at the idea that a packet of foreign-generated secret oppo is actually needed to help “bring down” Biden. He’s got plenty in the public record already.

 

Man i feel like the amount of effort and arguing and shouting it must of took to beat him into submission on this virus related stuff over the last few weeks by his team must have been massive. Wonder how many people got "fired" and just didn't leave lol

 

In that article it says the packet was sent in December so I guess it’s kind of nothing?

 

Unless they’re saving it for later in cycle, like September/October. Wouldn’t do any good to release it now.

 

"Look, only half the country is shit so we are doing okay!"

 

One portion of which he doesn’t even consider America (the Northeast)