Happy Wednesday! Let’s get things going with a joke today.
During a recent password audit, it was found that one employee was using the following password:
When asked why the password was so long, the employee replied: “Because it has to contain at least eight characters and one capital.”
All joking aside, password protection is a hugely important and often overlooked aspect of online security. If you’re a high-profile public figure, the risk of having your account hacked and your image damaged is a very real and scary prospect. What if your Facebook account was used to promote controversial topics? Or your Twitter was used to send hateful messages under your name?
Forbes recently brought to light an even greater risk to Twitter security, which left one NY Times columnist apparently voicing support for Wikileaks and attacking the White House. And in this instance his account wasn’t even hacked.
Instead of hacking his account, it was spoofed, meaning an almost identical account was created, complete with profile picture and almost identical username. Forbes tested this method and discovered that it takes less than five minutes to set up a spoof account. The trick is to use a different combination of upper and lower case letters in the user name.
In the case of NY Times columnist Bill Keller, one of the L’s in his Twitter handle, @nytkeller, was replaced with an uppercase I (@nytkelIer). The swap is obvious on most screens, but disguised when seen on Twitter’s interface.
The spoof account was used to link to a fake NY Times article, which called for Wikileaks, and all journalists who report on it, to be protected under the first amendment. For hours, the Internet was buzzing with the news that, while Keller had previously shown a dislike for Assange, he was now voicing support for Wikileaks.
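For anyone monitoring a brand or public figure's handle, the I-for-l swap described above can be caught automatically. The following is an added example, not code from Forbes or Twitter: it reduces each handle to the shape a reader sees and flags handles that look the same but are different accounts. The confusable map is a small constructed subset, the function names are hypothetical, and it assumes the platform treats handles that differ only by case as the same account.

```python
# Added example: flag handles that render like a protected handle.
# CONFUSABLES is a small constructed subset, not a complete confusables table.
CONFUSABLES = {
    "I": "l", "1": "l",   # uppercase I and digit one read as lowercase L
    "O": "o", "0": "o",   # uppercase O and zero read as lowercase o
}
PAIRS = {"rn": "m", "vv": "w"}  # letter pairs that read as a single glyph


def skeleton(handle: str) -> str:
    """Reduce a handle to the shape a reader sees in a sans-serif font."""
    name = handle.lstrip("@")
    # Map confusable glyphs BEFORE lowercasing, so "I" becomes "l" and not "i".
    name = "".join(CONFUSABLES.get(ch, ch) for ch in name).lower()
    for pair, glyph in PAIRS.items():
        name = name.replace(pair, glyph)
    return name


def find_lookalikes(protected, candidates):
    """Return (candidate, protected) pairs that look alike but are different accounts."""
    by_skeleton = {skeleton(p): p.lstrip("@") for p in protected}
    hits = []
    for cand in candidates:
        name = cand.lstrip("@")
        target = by_skeleton.get(skeleton(name))
        # Assumption: handles differing only by case are the same account,
        # so only a different case-folded name counts as a lookalike.
        if target is not None and name.lower() != target.lower():
            hits.append((name, target))
    return hits


if __name__ == "__main__":
    # Constructed sample: the two handles from the article plus made-up ones.
    protected = ["@nytkeller"]
    seen = ["@nytkelIer", "@NYTKeller", "@nytke11er", "@nytimes"]
    for cand, target in find_lookalikes(protected, seen):
        print(f"@{cand} renders like @{target}")
```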
This isn’t the first time a spoof website has fooled the general population of the Internet and gained the illustrious trending status. Earlier this month, Greenpeace launched a spoof website intended to look like it was owned by Shell. They even set up a fake marketing campaign which offered users the chance to write a slogan for Shell’s Arctic drilling campaign.
The website was convincing at first glance, but further inspection revealed some aspects which were just too outlandish, such as the “Angry Bergs” game for kids. What is most surprising is that Shell have decided not to take legal action against the environmentalist group.