Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies | CNN Business

Twitter has major security problems that pose a threat to its own users' personal information, to company shareholders, to national security, and to democracy, according to an explosive whistleblower disclosure obtained exclusively by CNN and The Washington Post.

Hasnain says:

Given that this is coming from Mudge, this is likely highly credible and quite worrying to read. There are always two sides to the story though and I wonder what context we’re missing out on. Like, for example, none of the reporting I read on this mentioned that the CISO also left at the same time - I hope that was due to an oversight (she’s arguably not as famous as Mudge) and not due to sexism. But... it still seems notable enough to warrant a mention at least?

“But, the disclosure says, Zatko soon learned ‘it was impossible to protect the production environment. All engineers had access. There was no logging of who went into the environment or what they did…. Nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment.’ Twitter also lacked the ability to hold workers accountable for information security lapses because it has little control or visibility into employees’ individual work computers, Zatko claims, citing internal cybersecurity reports estimating that 4 in 10 devices do not meet basic security standards.”

Posted on 2022-08-23T21:49:27+0000