Britney Spears Hack Highlights Reputational Risk of Weak Web 2.0-Based Service Passwords
Back Published 2009-07-06
Redwood Shores, Calif. — July 6
The apparent hacking of Britney Spears' Twitter picture service account — with consequent false reports of her death — is a reflection of the increasingly mischievous nature of a small, young — and probably immature — section of the Web user base, said Imperva, the IT compliance and business risk mitigation specialist.
Mildly alarming as reports of Britney's premature demise were, they also came in the wake of incorrect Web reports from New Zealand of the actor Jeff Goldblum also having passed away," said Rob Rachwald, Imperva's director of marketing.
"What the complex online events leading up to the incorrect reports of the celebrity deaths spreading around the Web show us, however, is the sheer power of the Internet in terms of potential reputational damage," he added.
According to Rachwald, since Twitter's picture service currently only has a four-digit numeric password system, a brute force attack would be able to hack into the account in a matter of hours.
And, he says, as new Web 2.0 services evolve on the Net, the effort and focus of the application owners is going to be devoted to the fast availability of new features and commercial models.
As a result, he explained, the new services' IT security protection is likely to get left behind and will almost certainly not be integrated into the application.
For this reason, he went on to say, as well as being careful when it comes to setting secure passwords on these next-generation services, companies need to implement Web application firewalls alongside the services so as to afford better overall protection.
"The key issue here is that companies need to install additional security technology at the same time as when they deploy these new Web 2.0-based services in their organization," he said.
"This is because Web application firewalls and other protective Internet security systems are becoming more and more important, as they can compensate for internal security control issues," he added.