{"id":4445,"date":"2015-01-12T10:00:38","date_gmt":"2015-01-12T15:00:38","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4445"},"modified":"2020-02-26T18:59:31","modified_gmt":"2020-02-26T14:59:31","slug":"10-best-tweets-on-security","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/10-best-tweets-on-security\/4445\/","title":{"rendered":"10 Best Tweets on Security in 2014"},"content":{"rendered":"<p>Last year, the IT security field was pretty eventful. There were a lot of incidents: from global vulnerabilities which affected millions of computers all over the globe to showdowns with local cybercriminals. Every one of these events was, in one way or another, connected with social networks \u2013 especially Twitter since it also acts as a news service. We collected the 10 best tweets related to an IT security event in 2014.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05111808\/twitter-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7127\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05111808\/twitter-1.png\" alt=\"twitter\" width=\"640\" height=\"420\"><\/a><\/p>\n<ol>\n<li>In March, a cybercriminal who acted on behalf of the \u2018Pump Water Reboot\u2019 hacker group started a series of DDoS attacks on several Russian web services \u2014 from popular online communities to some banks. 
Each victim was asked to pay a $1000 ransom to stop the attack.<\/li>\n<\/ol>\n<p>In this particular tweet, the criminal threatened one Russian banker, <a href=\"http:\/\/en.wikipedia.org\/wiki\/Oleg_Tinkov\" target=\"_blank\" rel=\"noopener nofollow\">Oleg Tinkov<\/a>, founder of Tinkoff Credit Systems, which is an online specialized bank.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"ru\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/olegtinkov?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@olegtinkov<\/a> \u041d\u0430 \u0432\u0430\u0448 \u0441\u0430\u0439\u0442 \u0432\u0435\u0434\u0435\u0442\u0441\u044f DDoS \u2013 \u0430\u0442\u0430\u043a\u0430. \u041c\u044b \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u043c \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b. \u0410\u0442\u0430\u043a\u0430 \u043f\u0440\u0435\u043a\u0440\u0430\u0442\u0438\u0442\u0441\u044f \u0435\u0441\u043b\u0438 \u0412\u044b \u0433\u043e\u0442\u043e\u0432\u044b \u0437\u0430\u043f\u043b\u0430\u0442\u0438\u0442\u044c 1 000$.<\/p>\n<p>\u2014 Pump Water (@PumpWaterReboot) <a href=\"https:\/\/twitter.com\/PumpWaterReboot\/status\/448201758574383104?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 24, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>(Translation from Russian: <em>Your site is under DDoS attack. We offer a solution for this problem. The attack will stop if you are willing to pay $ 1,000.)<\/em><\/p>\n<p>By the summertime, the cybervillain was caught by police and in a couple of months was sentenced to two and a half years of probation with a penalty of 12 million rubles (about $400,000). 
That\u2019s a lot for a <a href=\"https:\/\/threatpost.ru\/2014\/12\/15\/vymogatel-didoser_poluchil_uslovnyj_srok\/\" target=\"_blank\" rel=\"noopener nofollow\">19-year-old student<\/a> who, as it turned out, happened to be the extortionist.<\/p>\n<ol start=\"2\">\n<li>The Heartbleed vulnerability threatened two-thirds of the Internet. You can <a href=\"https:\/\/www.kaspersky.com\/blog\/?s=heartbleed&amp;submit=Search\" target=\"_blank\" rel=\"noopener nofollow\">learn more details in our blog posts<\/a>. The short version of what happened and how it worked is best described by the author of the xkcd comic:<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Heartbleed <a href=\"http:\/\/t.co\/wxVnw6YK6Q\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/wxVnw6YK6Q<\/a> <a href=\"http:\/\/t.co\/j1iYb4DC7l\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/j1iYb4DC7l<\/a> <a href=\"http:\/\/t.co\/ekr3nFr1oW\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/ekr3nFr1oW<\/a><\/p>\n<p>\u2014 XKCD Comic (@xkcdComic) <a href=\"https:\/\/twitter.com\/xkcdComic\/status\/453769048900526080?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 9, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Heartbleed\u2019s consequences will haunt us for a long time: there are tens of thousands of vulnerable servers still not updated. And many of them will never be able to get rid of this vulnerability.<\/p>\n<ol start=\"3\">\n<li>For us, the best tweet of the year was created by people from \u2014 you won\u2019t believe it! \u2014 the CIA. 
It\u2019s nice to see that even these tough guys have a sense of humor.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We can neither confirm nor deny that this is our first tweet.<\/p>\n<p>\u2014 CIA (@CIA) <a href=\"https:\/\/twitter.com\/CIA\/status\/474971393852182528?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">June 6, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ol start=\"4\">\n<li>In mid-August, something that happens to almost everyone involved in modern politics struck Russia\u2019s Prime Minister Dmitry Medvedev: someone hacked (and made fun of) his Twitter account.<\/li>\n<\/ol>\n<p>\u00a0<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102821\/medvedev-was-hacked.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7125\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102821\/medvedev-was-hacked.png\" alt=\"medvedev-was-hacked\" width=\"576\" height=\"130\"><\/a><\/p>\n<p>\u00a0<\/p>\n<p>(Translation from Russian: <em>I resign. I am ashamed of the government\u2019s actions. I\u2019m sorry<\/em>.)<\/p>\n<p>At the same time, Medvedev\u2019s other accounts were also hacked. This led to a leak of private photos and correspondence from Medvedev\u2019s mobile devices. However, all tweets written by hackers were subsequently removed. 
What happened to the attackers \u2013 if they were even caught \u2013 is still unknown.<\/p>\n<ol start=\"5\">\n<li>Two weeks later, there was another leak and this one was massive: Somebody posted <a href=\"https:\/\/www.kaspersky.com\/blog\/celebrity-photos-leaked\/\" target=\"_blank\" rel=\"noopener nofollow\">lots of private photos of several naked celebrities<\/a>, including Jennifer Lawrence.<\/li>\n<\/ol>\n<p>https:\/\/twitter.com\/YahoodiSaazish\/status\/506139424426446848<\/p>\n<p>This leak was immediately named \u2018The Fappening\u2019 and rocked the whole world. Celebrities got way more attention than usual and web services that published photos got good profits from ads. In particular, one popular website, Reddit, got so much money in just a few days that they had enough to support the project for a month.<\/p>\n<ol start=\"6\">\n<li>Autumn was especially eventful. In September, a new fundamental vulnerability was found in the Bash shell. Now it is known as <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_the_bash_vulnerability\/\" target=\"_blank\" rel=\"noopener nofollow\">Bashdoor or Shellshock<\/a>. It was the second time in one year that millions of computers, mostly servers, were compromised. The man who discovered this bug didn\u2019t post anything on his Twitter account immediately. But later he posted worthwhile tweets with an explanation that this vulnerability had probably originated as early as 1989, i.e. 
25 years ago.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Shellshock was actually introduced in bash-1.03 (1989, 25y ago), not 1.13 as Chet, I and others have said earlier (<a href=\"http:\/\/t.co\/LC5TEqpqkx\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/LC5TEqpqkx<\/a>)<\/p>\n<p>\u2014 Stephane Chazelas (@SChazelas) <a href=\"https:\/\/twitter.com\/SChazelas\/status\/518316463225315328?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 4, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The Bashdoor bug, as well as the above-mentioned Heartbleed, will haunt us for a very long time.<\/p>\n<ol start=\"7\">\n<li>A couple of weeks later the world found out about another global threat. In early October, two researchers announced that every USB device on the planet is fundamentally vulnerable. For some reason, these guys didn\u2019t talk about this discovery, but we did:<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">BadUSB research: \"You can\u2019t trust anything you plug into your PC, not even a flash drive\"  <a href=\"https:\/\/t.co\/kOkdrw8dEZ\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/kOkdrw8dEZ<\/a> <a href=\"http:\/\/t.co\/ANYpF01EY6\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/ANYpF01EY6<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/518055653172985856?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 3, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>It is still unclear what we should do globally to protect ourselves from this bug. 
There is only one known good practice for protection: do not use unknown USB devices, including, but not limited to, keyboards and mice.<\/p>\n<ol start=\"8\">\n<li>In mid-October there was another leak. This time, the victims were Dropbox users. Company representatives promptly declared the service wasn\u2019t hacked and the leaked data was collected in some other way.<\/li>\n<\/ol>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Reports claiming we\u2019ve been hacked aren\u2019t true. Your stuff is safe. More info on our blog: <a href=\"http:\/\/t.co\/vI6sfNjC4Z\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/vI6sfNjC4Z<\/a><\/p>\n<p>\u2014 Dropbox Support (@DropboxSupport) <a href=\"https:\/\/twitter.com\/DropboxSupport\/status\/521902976990859264?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 14, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Many people believe Dropbox had been hacked though, and that the company preferred to \u201cnegotiate\u201d with the intruders privately rather than lose its reputation.<\/p>\n<ol start=\"9\">\n<li>The end of October was marked by an event that many people didn\u2019t pay enough attention to: <a href=\"https:\/\/www.kaspersky.com\/blog\/twitter-digits-new-authentication\/\" target=\"_blank\" rel=\"noopener nofollow\">Twitter announced plans to replace passwords<\/a> with another, more advanced authentication system. And not only passwords for the accounts of its own users: Twitter invited third-party developers to use the Digits platform to authenticate users in their applications as well.<\/li>\n<\/ol>\n<p>https:\/\/twitter.com\/digits\/status\/524977241780805632<\/p>\n<p>There have been many attempts to get rid of passwords and, as we have seen, nobody has been able to achieve this so far. 
But it is possible that Twitter will succeed and in a few years we will finally stop using this old authentication method.<\/p>\n<p style=\"text-align: left; padding-left: 30px;\">10. As for passwords: Never store them in an unencrypted file on your PC. Otherwise, you will face the same consequences as Sony Pictures. The company was massively attacked by the GOP hacker group. Before the attack was launched, cybercriminals had stolen one of Sony Pictures\u2019 Twitter accounts and mentioned the company\u2019s CEO in a warning of the future hack.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102819\/hacked-by-gop-sony-pictures-starship-troopers.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7128\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102819\/hacked-by-gop-sony-pictures-starship-troopers.png\" alt=\"hacked-by-gop-sony-pictures-starship-troopers\" width=\"579\" height=\"377\"><\/a><\/p>\n<p>Unfortunately, the hackers did not limit themselves to threats and Sony Pictures has been in personal info leakage hell \u2013 and they weren\u2019t ready for it at all. 
You can <a href=\"https:\/\/www.kaspersky.com\/blog\/sony-hack-north-korea\/\" target=\"_blank\" rel=\"noopener nofollow\">learn more about what happened with Sony in our blog post<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We collected the 10 best tweets related to an IT security event in 2014.<\/p>\n","protected":false},"author":214,"featured_media":4446,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[876,872,877,77,93,878,558,1183,426,97,808,161,875,874],"class_list":{"0":"post-4445","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-bashdoor","9":"tag-breach","10":"tag-cia","11":"tag-cybercrime","12":"tag-cybercriminals","13":"tag-digits","14":"tag-heartbleed","15":"tag-leaks","16":"tag-mobile-devices","17":"tag-security-2","18":"tag-shellshock","19":"tag-sony","20":"tag-tweets","21":"tag-twitters"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/10-best-tweets-on-security\/4445\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/10-best-tweets-on-security\/4506\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/10-best-tweets-on-security\/4977\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/10-best-tweets-on-security\/5278\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/10-best-tweets-on-security\/6539\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/10-best-tweets-on-security\/7124\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/10-best-tweets-on-security\/5927\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/10-best-tweets-on-security\/6539\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/10-best-tweets-on-security\/7124\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/10-best-tweets-o
n-security\/7124\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/bashdoor\/","name":"bashdoor"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4445"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4445\/revisions"}],"predecessor-version":[{"id":15967,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4445\/revisions\/15967"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4446"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}