NETWORK SECURITY

QUIZ-ASSIGNMENT
CNET-221(063)(summer 13)

Mohit Dhawan (300734310)

7/21/2013

QUIZ-ASSIGNMENT
Q1- Why Twitter is taking this measure? One of the main basic key elements in Information security/network security is securing data with proper AUTHENTICITY which means that the data, transactions, communications or documents are not copied or falsified but genuine. Simply it means the person using the information is authorized and validated by some sort of unique attributes like USERNAME and PASSWORD. Some information security systems also deploy special authentication features such as trademark sign which gives evidence that the message data is genuine and was sent by someone possessing the proper signing key. Once the user is validated, and authorized through authentication, he/she can use the data in their own way, alter it in a certain ways or alike, so it becomes utmost essential responsibility on the organization providing networking facilities that they should consider This key element feature of security as a most crucial factor while implementing their services, because if this security factor is breached, immediately the most useful data placed on their site becomes vulnerable for the hackers or other outside world and later on they had to use additional security measurements. Similar case happens with most famous micro-blogging networking site TWITTER. Twitter was encountering so many security breaches in start of this year and finally they announced it had been breached which caused the data of 250,000 Twitter users to become vulnerable. The company said in a blog spot that it detected unusual access patterns earlier this week and found that user information usernames, e-mail addresses and encrypted passwords for 250,000 users may have been accessed in what it described as a sophisticated attack. so they had to took some serious steps which should ensure proper security features.

2|Page

QUIZ-ASSIGNMENT
2-what were the background complaints leading up to this action

There were lots of complaints during start of this year regarding the problems associated with twitters security, and they came into notice when the bigger organizations start getting affected few of them are:

The worst case happened in April when the Associated Press's feed was hacked. It was all done by a group named Syrian Electronic Army what these guys did that they make use of a false tweet claiming President Obama had been injured in a bomb attack - briefly causing a dip in US stock markets.

The other case happened was in February Twitter Hacking Puts Focus on Security for Brands like Burger king By TANZINA VEGA and NICOLE PERLROTH (Published: February 24, 2013,http://www.nytimes.com/2013/02/25/technology/twitter-hacks-force-companies-toconfront-security-on-social-media.html?pagewanted=all&_r=0)

There are other Organizations too including the Guardian, FT, and BBC which have also been hacked by the same group.

These all events or say accident on part of twitter has raised questions on the security of social media passwords and the ease with which they obtain access to brand, or other organizations accounts. Logging on to Twitter is the same process for a company as for a consumer, requiring just a user name and one password. But the actual problem according to Jim Prosser, a spokesman for Twitter, is due to vulnerability in Oracles Java software. Java is installed on the end devices and has always dealing with the

3|Page

QUIZ-ASSIGNMENT
security problems. Some time before when a security researcher found a serious vulnerability problem in the software, the Department of Homeland Security warned users to disable Java on their computers. It was essential because this problem was letting attackers to download a malicious program onto the victims machine without any notification. The program was powerful enough to simply download itself.

3- Give details of the process that Twitter is recommending to follow

Twitter has used a simple but powerful two-factor authentication like the other growing group of tech companies to maintain the important security feature. Two-factor authentication can help mitigate the damage of a password breach or phishing attack.

It works exactly the way deadbolt on the locking door or lock code on smart phone or bouncer at outside club. As in a password login, it just checks whether password is correct or not because anyone who knows password can have access. Adding a second security like checking something like your phonemeans that even if your password is compromised by, say, a key logger in an Internet cafe, or through a company's security breach, your account is safe.

And the method is simple as follows:

1. Twitter users open their account settings. There is a link to sign up for two-step verification.

2. It will then ask for either a already confirmed email address associated with users account or a phone number which is verified by six digit code.

3. This process adds an extra security layer to Twitter logins.

4|Page

QUIZ-ASSIGNMENT

4- Will Twitter succeed in their objective, give your professional opinion.

Yeah! Definitely it is one of two best approaches that are available to stop the security breaching. I hope it is going to work best just not because of they follow what other big organizations like face book or Google corporations are doing. They have deployed this facility a step ahead by asking for the verification code every time a USER login in to his account even though he is logging in from the same device each time. No doubt its a little inconvenient but powerful in terms of providing secure confidentiality and security, but yeah it does not means the users can relax or should depend upon twitter persons, in fact they should reset their passwords often and make sure they not use the same password for each online account. Because no matters how high the security features a company deploys, if users is not able to keep his password confidential , all efforts results in vain.

5|Page

QUIZ-ASSIGNMENT References
http://www.nytimes.com/2013/02/25/technology/twitter-hacks-force-companies-to-confrontsecurity-on-social-media.html?pagewanted=all&_r=0) http://bits.blogs.nytimes.com/2013/02/01/twitter-hacked-data-for-250000-users-stolen/ Mohammad I. Khan (Instructor CNET-221). Quiz assignment .Retrieved from https://e.centennialcollege.ca/d2l/lms/content/viewer/main_frame.d2l?ou=98885&tId=1387429 Parker Higgins. How to Enable Two-Factor Authentication on Twitter .Retrieved from https://www.eff.org/deeplinks/2013/05/howto-two-factor-authentication-twitter-and-around-web on jul 21,2013

6|Page