FORTUNE -- A hack of Twitter exposing thousands of usernames and associated third-party access tokens appears not to have done any real damage, but it has made a lot of people realize how many third-party apps they have authorized, inspiring many of them to do some precautionary housecleaning.
That's probably a good idea. You need third-party apps to, among other things, sign in to websites to make comments, connect to Twitter through mobile devices, and authorize utilities such as link shorteners. But the more apps you have, the more vulnerable you are, and you should at least know which apps you have authorized. They can be found here. You might be surprised to see how quickly they have piled up. While you're at it, do the same with your Facebook (FB) apps.
Someone with the handle "Mauritania Attacker," purporting to be acting on behalf of "Islam," published a list of 15,000 usernames and their associated authorization (OAuth) tokens that connect users to apps without the need to reveal account passwords. Someone with that information and the right script could potentially gain limited access to user accounts. There is no indication that this has happened in this case, and Twitter has said that no accounts have been compromised.
The hacker claims to possess "the entire database of users on Twitter." The 15,000 account details were published in plain text on the file-sharing site Zippyshare. One security expert told Mashable that it might be possible for someone to use the information to, for example, post under a user's name, but it's highly unlikely that a hacker could gain full access to an account.
The best defensive measure is to remove all apps, then reconnect to them, creating new tokens for each. It's a good idea to do this every so often, since the tokens never expire.
Mauritania Attacker has made the news before. He is supposedly the founder of AnonGhost, a group that has claimed credit for attacks on thousands of websites, many of them associated with western business interests, particularly the oil industry.
In an interview with Reuters in June, Mr. Attacker insisted that members of AnonGhost are "not extremists" and mean only to "defend the dignity of Muslims."
The group's dignity defending, according to Reuters, has included attacks on "kosher dieting sites" and "American weapon aficionado blogs." The group defaces sites "with messages about Islam and anti-Zionism."
Though AnonGhost has never mounted a serious attack, it is prolific, having defaced thousands of websites. For that reason, despite its relative toothlessness (so far), Cyber Defense magazine listed it as one of the most active groups of "hacktivists" in the first quarter of this year.
Kevin Mandia, who uncovered Chinese hacking, describes how he stumbled onto one of the largest domestic security breaches ever.
FORTUNE -- When 42-year-old Kevin Mandia went public last February with a 60-page report detailing the Chinese theft of American trade secrets, the move propelled his cybersecurity firm Mandiant to the forefront of a national security fire storm.
The story of how Mandia discovered one of America's largest security breaches ever -- and
JP Mangalindan, Writer - Jul 24, 2013 7:34 PM ET
Are China's hacker attacks and its anti-Apple campaign both preludes to a trade war?
FORTUNE -- Hillary Clinton and Admiral Mike Mullen. The nuclear weapons labs at Los Alamos and Oak Ridge. The U.S. Departments of Homeland Security, State, Energy and Commerce. The Wall Street Journal and the New York Times. Lockheed Martin, Dow Chemical and Coca Cola. Adobe, Yahoo and Google
That, according to an alarming (and alarmingly hawkish) article in the Wall Street Journal's weekend edition, is a partial
Philip Elmer-DeWitt - Mar 31, 2013 8:02 PM ET
The programming platform Oracle inherited from Sun continues to plague Apple
FORTUNE -- "Java's not worth building in," Steve Jobs told the New York Times' John Markoff in 2007. "Nobody uses Java anymore. It's this big heavyweight ball and chain."
To Jobs' regret, Java did not disappear. The write-once-run-anywhere programming platform that Sun Microsystems developed and Oracle (ORCL) inherited continues to drag Apple (AAPL) down.
On Tuesday, with foreign hacker attacks on U.S.
Philip Elmer-DeWitt - Feb 20, 2013 6:30 AM ET
For reasons unclear, the online store was not responding Wednesday morning
[UPDATE: As of 11:10 a.m. EST the store seems to be functioning properly. No new products that I can see. Never did get an explanation from Apple PR.]
[UPDATE 2: As of noon EST, the site seems to be misbehaving again. Still no word out of Apple.]
[UPDATE 3: Reader Mehdi Daoudi of Catchpoint Systems reports that the site had fully recovered
Philip Elmer-DeWitt - Aug 17, 2011 9:51 AM ET
With hackers running riot on the Internet, here's how you can get paid to stop them.
By Alex Konrad, contributor
FORTUNE -- Don't let the headlines about News Corp.'s (NWSA) recent phone follies give you the wrong idea about hacking: Cyber crime is only getting more complex and dangerous, but it is creating new jobs for people who want to fight it. Recent high-profile hacks of government sites, Citigroup (C), and Sony
Jul 22, 2011 5:00 AM ET
The vulnerability of 225 million iTunes credit card accounts has been grossly exaggerated
The headlines over the July 4th weekend were pretty scary.
Wall Street Journal: "Computer-Hacking Group Targets Apple In Latest Attack"
Financial Times: "Hackers Claim Attack on Apple Server"
Gizmodo: "Apple Is Latest Company To Feel the Might of AntiSec's Hacking Power"
Coming less than a month after Steve Jobs unveiled Apple's (AAPL) iCloud project, the reports had a predictably unsettling effect.
"WOW," wrote
Philip Elmer-DeWitt - Jul 4, 2011 8:29 AM ET
It's hard to get a handle on the hacker community, but here's a look at the range of people -- from lone geeks to organized governments -- who could be behind recent security breaches.
FORTUNE -- The recent hacking headlines make it seem like we're in the middle of a cyberwar: In the past few weeks, there have been revelations of security breaches at organizations including Citigroup, Sony, the IMF, and
Shelley DuBois, writer-reporter - Jun 16, 2011 1:58 PM ET
Jon and Michael debate the merits of Google (GOOG) pulling out of China over spying concerns.
Ben Baer, Senior Producer - Mar 19, 2010 10:33 AM ET
In the latest installment of Connected, Fortune Senior Editor at Large Adam Lashinsky sits down with Adobe (ADBE) CEO Shantanu Narayen to discuss hacking threats from China and beyond, competing with tech giants Microsoft and Google and explaining the reasons behind the Omniture deal.
Ben Baer, Senior Producer - Feb 11, 2010 1:14 PM ET