{"id":5278,"date":"2015-01-12T09:53:28","date_gmt":"2015-01-12T14:53:28","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5278"},"modified":"2020-02-26T15:10:48","modified_gmt":"2020-02-26T15:10:48","slug":"10-best-tweets-on-security","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/10-best-tweets-on-security\/5278\/","title":{"rendered":"10 Best Tweets on Security in 2014"},"content":{"rendered":"<p>Last year was\u00a0an\u00a0eventful one for the IT-security field. There were a lot of incidents, ranging from global vulnerabilities to showdowns with local cybercriminals. So, as a way of looking back, we decided to pull together ten of the best security-related tweets.<\/p>\n<p>Did we miss one? Let us know in the comments below!<\/p>\n<p><strong>1. Pumpwater<\/strong> \u2013 In March a cyber-criminal who acted on behalf of the \u2018Pump Water Reboot\u2019 hacker group started a series of DDoS attacks on a bunch of Russian web services \u2014 from popular online communities to banks. Each victim was asked to pay a $1000 ransom to stop the attack.<br>\nIn this particular post, the criminal threatened a Russian banker, Oleg Tinkov, founder of Tinkoff Credit Systems, a specialized online bank.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"ru\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/olegtinkov?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@olegtinkov<\/a> \u041d\u0430 \u0432\u0430\u0448 \u0441\u0430\u0439\u0442 \u0432\u0435\u0434\u0435\u0442\u0441\u044f DDoS \u2013 \u0430\u0442\u0430\u043a\u0430. \u041c\u044b \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b. 
\u0410\u0442\u0430\u043a\u0430 \u043f\u0440\u0435\u043a\u0440\u0430\u0442\u0438\u0442\u0441\u044f \u0435\u0441\u043b\u0438 \u0412\u044b \u0433\u043e\u0442\u043e\u0432\u044b \u0437\u0430\u043f\u043b\u0430\u0442\u0438\u0442\u044c 1 000$.<\/p>\n<p>\u2014 Pump Water (@PumpWaterReboot) <a href=\"https:\/\/twitter.com\/PumpWaterReboot\/status\/448201758574383104?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 24, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>(Translation: Your site is under DDoS attack. We offer a solution to this\u00a0problem. The attack will stop if you are willing to pay $ 1,000.)<\/p>\n<p>It didn\u2019t take long for things to happen: by the summer, the criminal was caught by police and was sentenced to 2.5 years of probation and a fine of 12 million rubles (about $400,000 at that moment).<\/p>\n<p><strong>2. Heartbleed<\/strong> \u2014 The vulnerability that threatened over two thirds of the internet. If you\u2019re unsure what the Heartbleed bug is, you can get up to date on our blog post here. 
\u00a0However, if you\u2019re after a succinct and precise explanation, look no further than XKCD:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Heartbleed <a href=\"http:\/\/t.co\/wxVnw6YK6Q\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/wxVnw6YK6Q<\/a> <a href=\"http:\/\/t.co\/j1iYb4DC7l\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/j1iYb4DC7l<\/a> <a href=\"http:\/\/t.co\/ekr3nFr1oW\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/ekr3nFr1oW<\/a><\/p>\n<p>\u2014 XKCD Comic (@xkcdComic) <a href=\"https:\/\/twitter.com\/xkcdComic\/status\/453769048900526080?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 9, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Despite all the press attention that the bug received (it even got its own logo), there are still tens of thousands of compromised servers out there.<\/p>\n<p><strong>3. The CIA join Twitter<\/strong> \u2013 In our opinion, the best tweet of the year goes to (believe it or not) the CIA. It just goes to show that even brands such as this can use social media well:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We can neither confirm nor deny that this is our first tweet.<\/p>\n<p>\u2014 CIA (@CIA) <a href=\"https:\/\/twitter.com\/CIA\/status\/474971393852182528?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 6, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>4. Russian PM Twitter<\/strong> \u2013 In mid-August something happened that sooner or later happens to almost every modern politician. 
Someone hacked the Twitter account of Russia\u2019s Prime Minister Dmitry Medvedev and had a lot of fun with it.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/01\/05195745\/medvedev-was-hacked1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5282\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/01\/05195745\/medvedev-was-hacked1.png\" alt=\"medvedev-was-hacked\" width=\"576\" height=\"130\"><\/a><\/p>\n<p>(translation from Russian: I resign. I am ashamed of the government\u2019s actions. I\u2019m sorry.)<\/p>\n<p>At the same time other accounts of Medvedev were also hacked, which led to Medvedev\u2019s private photos and correspondence being leaked. All these posts have subsequently been removed and the whereabouts of the hackers remain unknown.<\/p>\n<p><strong>5. Celebrity leaks<\/strong> \u2013 Two weeks later another <a href=\"https:\/\/www.kaspersky.com\/blog\/celebrity-photos-leaked\/\" target=\"_blank\" rel=\"noopener nofollow\">leak<\/a>,\u00a0this time on a much larger scale, was to happen. Leaked nude images of celebrities were about to cause a social media storm.<\/p>\n<p>https:\/\/twitter.com\/YahoodiSaazish\/status\/506139424426446848<\/p>\n<p>Subsequently nicknamed \u201cThe Fappening\u201d by Reddit users, there was huge publicity around the pictures, but not just because of the nature of the images. Apple\u2019s iCloud services, where the pictures had been stored, took a lot of flak for their encryption. Apple would later announce full encryption as part of iOS 8.<\/p>\n<p><strong>6. Shell-shocked<\/strong> \u2013 Autumn was especially eventful. In September a new vulnerability was found in the Bash shell. 
Popularly known as <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_the_bash_vulnerability\/\" target=\"_blank\" rel=\"noopener nofollow\">Bashdoor or Shellshock<\/a>, it was the second time\u00a0within one\u00a0year that\u00a0millions of computers (mostly servers) were compromised. The man who discovered this bug didn\u2019t post anything on Twitter immediately. However, later he posted that the bug was not actually that new at all:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Shellshock was actually introduced in bash-1.03 (1989, 25y ago), not 1.13 as Chet, I and others have said earlier (<a href=\"http:\/\/t.co\/LC5TEqpqkx\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/LC5TEqpqkx<\/a>)<\/p>\n<p>\u2014 Stephane Chazelas (@SChazelas) <a href=\"https:\/\/twitter.com\/SChazelas\/status\/518316463225315328?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 4, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Similar to Heartbleed, Shellshock will haunt IT security for years to come.<\/p>\n<p><strong>7. BADUSB<\/strong> \u2013 A couple of weeks later the world found out about another global threat: in early October two researchers announced that every USB device on the planet is fundamentally vulnerable. 
For some reason, these guys didn\u2019t talk about it, but we did:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">BadUSB research: \"You can\u2019t trust anything you plug into your PC, not even a flash drive\"  <a href=\"https:\/\/t.co\/kOkdrw8dEZ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/kOkdrw8dEZ<\/a> <a href=\"http:\/\/t.co\/ANYpF01EY6\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/ANYpF01EY6<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/518055653172985856?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 3, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>It is still unclear what we should do globally to protect ourselves from this bug. There is only one known good practice: do not use untrusted USB devices, and that includes even mice and keyboards.<\/p>\n<p><strong>8. Dropbox hacked?<\/strong> \u2013 In mid-October there was another leak; this time the victims were Dropbox users. Company representatives promptly declared that the service wasn\u2019t hacked and that the leaked data was collected in some other way.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Reports claiming we\u2019ve been hacked aren\u2019t true. Your stuff is safe. More info on our blog: <a href=\"http:\/\/t.co\/vI6sfNjC4Z\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/vI6sfNjC4Z<\/a><\/p>\n<p>\u2014 Dropbox Support (@DropboxSupport) <a href=\"https:\/\/twitter.com\/DropboxSupport\/status\/521902976990859264?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 14, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>9. 
Introducing Digits<\/strong> \u2013 The end of October was marked by an event that (sadly)\u00a0didn\u2019t receive enough attention. <a href=\"https:\/\/www.kaspersky.com\/blog\/twitter-digits-new-authentication\/\" target=\"_blank\" rel=\"noopener nofollow\">Twitter announced<\/a> plans to replace passwords with another, more advanced authentication system. And not only passwords for the accounts of its own users: Twitter offers third-party developers the ability to use the system as well.<\/p>\n<p>There have been many attempts to get rid of passwords and, as we have seen, nobody has been able to achieve this so far. But it is possible that Twitter will succeed and in a few years we will finally stop using this good old authentication method.<\/p>\n<p><strong>10.\u00a0Sony<\/strong> \u2013\u00a0As for passwords: <strong>never<\/strong> store them in an unencrypted file on your PC. Otherwise, you may well face the same thing that happened to\u00a0Sony Pictures.\u00a0The now infamous hack was preceded by the hacking of the Starship Troopers Twitter account:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/01\/05195744\/hacked-by-gop-sony-pictures-starship-troopers.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5283\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/01\/05195744\/hacked-by-gop-sony-pictures-starship-troopers.png\" alt=\"hacked-by-gop-sony-pictures-starship-troopers\" width=\"579\" height=\"377\"><\/a><\/p>\n<p>The aftermath was swift and brutal with everything from emails to movies being dumped on file-sharing sites across the world. 
\u00a0Sony have been widely criticised by IT professionals for poor security practices (yes, even keeping passwords in plain text files).\u00a0You can learn more about what happened with Sony in our <a href=\"https:\/\/www.kaspersky.com\/blog\/sony-hack-north-korea\/\" target=\"_blank\" rel=\"noopener nofollow\">blog post<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last year was\u00a0an\u00a0eventful one for the IT-security field. There were a lot of incidents, ranging from global vulnerabilities to showdowns with local cybercriminals. So, as a way of looking back we<\/p>\n","protected":false},"author":214,"featured_media":5279,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2026],"tags":[866,863,867,77,93,868,577,1101,434,97,810,161,865,864],"class_list":{"0":"post-5278","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-bashdoor","9":"tag-breach","10":"tag-cia","11":"tag-cybercrime","12":"tag-cybercriminals","13":"tag-digits","14":"tag-heartbleed","15":"tag-leaks","16":"tag-mobile-devices","17":"tag-security-2","18":"tag-shellshock","19":"tag-sony","20":"tag-tweets","21":"tag-twitters"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/10-best-tweets-on-security\/5278\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/10-best-tweets-on-security\/4506\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/10-best-tweets-on-security\/4445\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/10-best-tweets-on-security\/4977\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/10-best-tweets-on-security\/6539\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/10-best-tweets-on-security\/7124\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/10-best-tweets-on-security
\/5927\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/10-best-tweets-on-security\/6539\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/10-best-tweets-on-security\/7124\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/10-best-tweets-on-security\/7124\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/bashdoor\/","name":"bashdoor"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5278"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5278\/revisions"}],"predecessor-version":[{"id":19176,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5278\/revisions\/19176"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/5279"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}