Jun 03 2008
I use Twitter, it’s a fun tool to keep half an eye out on some of my friends and other interesting people are doing right now. I think it’s a pretty decent communication tool. But like many tools it’s easy to over communicate. Some of the people I follow have started using Twitter mashup Brightkite and are using it to send pictures with location information to Twitter. I trust that folks like Mediaphyter are savvy enough to carefully regulate their information, but I have to wonder if the average marketing or purchasing person is?
I’ll argue that Twitter is just one more form of data leakage that we have to be aware of as security professionals. Twitter isn’t more of a problem than email, VoIP or any other communication medium. It is easy to broadcast a message to a large audience, but only in 140 characters at a time. We just don’t have any security tools for dealing with Twitter yet. Of course, given it’s history of downtime, that may not be a big concern.
Given the proliferation of social networking technologies such as Twitter, FriendFeed and Facebook, it’s becoming increasingly easy give out information that may reveal more about the internal workings of companies than we’d like. No filtering technology we have is going to cover all of the ways for information to flow into these tools, from web pages to cell phones to desktop apps. All of the social networking tools are going out of their way to make access easier, which makes our job harder.
Training may be the only solution to this problem, but the human element has always been the hardest to secure. Not that we shouldn’t try.