Twitter Security Failures
From iGeek
Twitter was the worst-managed Big Tech company, according to whistleblower Peiter "Mudge" Zatko.
~ Aristotle Sabouni
Created: 2022-12-12
A whistleblower (Peiter Zatko, ex-security exec at Twitter) was blowing the doors off how poorly Twitter was managed in his testimony to Congress.
- Twitter Mismanagement: Twitter was the worst-managed Big Tech company, according to whistleblower / ex-security executive Peiter "Mudge" Zatko.
- Foreign assets were working at Twitter, but management blew that off as no concern.
- What this means in the real world is that a Chinese national saying the wrong things on Twitter in America could be outed, then harassed or killed by the CCP for what he posted. But Twitter management was either too stupid to understand what that meant, or too callous to care about the lives of victims of despotism.
- 5,000+ people had privileged access to production. (They had no dev->stage->production flow; everything was done live.) Then they remoted in to their work machines, and had spyware on one or both of them.
- This means that hackers could compromise not only a developer's system, but all the data on production (including customer data). And without end-to-end encryption for DMs (they don't have that), it means everything on Twitter was available to foreign spies.
- Twitter's systems were fragile and might be unrecoverable if everything came down at once, and they had no way to bring it all back up. This almost happened and caused a scramble, but they still didn't fix it.
- These violations meant they had not complied with their promises to the FTC and their board about using SDLC processes, and had lied about it (a basic SOX compliance failure). This violates transparency and reporting rules, and is very, very bad.
🔗 Links
- https://pjmedia.com/vodkapundit/2022/12/12/its-official-before-musk-twitter-was-the-worst-run-tech-company-in-the-world-n1652794
- Twitchy: Ex-Twitter security head Peiter Zatko's explosive whistleblower complaint reveals far worse Twitter rot - Former Twitter security executive (whistleblower) Peiter "Mudge" Zatko says that he broached the topic of a foreign asset working at Twitter to another executive, who brushed off Mr. Zatko's concern.
- https://redstate.com/nick-arama/2022/12/12/more-from-whistleblower-report-testimony-that-blows-doors-off-what-was-going-on-at-twitter-n672744
- https://hotair.com/john-s-2/2022/09/13/auto-draft-65-n496316