Site icon Sophos News

News in brief: ministers ‘not securing Twitter accounts’; dark web bug bounty; move on fake news in France

Your daily round-up of some of the other stories in the news

Prime minister’s Twitter account ‘could be compromised’

Senior members of the UK government aren’t taking enough precautions to secure their Twitter accounts, Buzzfeed reported on Monday.

Of the 19 who use Twitter, 11 hadn’t set their security to prompt for the user to input their email address or phone number to start the password reset process. This means that anyone who tries to reset the password of someone who hasn’t take precautions is presented with a partially redacted representation of the email address associated with the account.

Buzzfeed quoted Mustafa Al-Bassam, a volunteer at Privacy International, who said: “If hackers can learn the email address that you use for Twitter, then it makes it easier to compromise your Twitter account.” He pointed out that if the email address can be worked out, a hacker could then target it with phishing attacks designed to harvest passwords.

When we checked on Monday afternoon, Theresa May, the prime minister, and Boris Johnson, the foreign secretary, still had not secured their Twitter accounts.

Last week it was pointed out that US president Donald Trump also hadn’t secured his Twitter account, but when we checked on Monday the setting had been changed.

It’s not only politicians who risk being compromised: you can check your Twitter account by going to your settings page and under the Security and Privacy tab, making sure you’ve ticked the option that says “Require personal information to reset my password”.

Dark web marketplace offers bug bounties

Bug bounty programs are increasingly common among big web companies, and now they seem to be spreading to the dark web, too.

The move, from the Hansa dark web marketplace, shouldn’t come as any surprise: it’s in their interests to be as secure as possible, not least because if hacked, their users are unlikely to go the police to complain they’ve been a victim of cybercrime.

Hansa said in its announcement that it was offering rewards of up to 10 bitcoin ($10,224) for discovering and reporting a bug that could threaten the marketplace’s integrity, such as revealing the IP addresses or personal information of vendors or users. Non-critical bugs or vulnerabilities could earn a reward of 1BTC, while simple bugs are worth 0.5BTC.

Google, Facebook join French media to combat ‘fake news’

Google and Facebook are joining forces to help French newsrooms tackle the rising tide of “fake news” in the run-up to the country’s presidential elections as fears rise that the polls there are vulnerable to “Russian meddling”.

CrossCheck will be a collaborative verification platform, led by not-for-profit First Draft News, and brings together 17 French media partners, including AFP, Buzzfeed News and Les Echos.

The aim, said David Dieudonné of Google’s News Lab, is to help French voters “make sense of what and who to trust in their social media feeds, web searches and general online news consumption”.

The news came as Wikileaks said on Twitter that it was dumping more than 3,500 documents about candidate François Fillon, sparking further concern about how Russia might be using Julian Assange’s service to influence voters.

Catch up with all of today’s stories on Naked Security


Exit mobile version