Tag: technology

Twitter’s abuse problem is, at heart, a technology problem

This is a damning summation of Twitter’s structural problems:

“It’s a technology company with crappy technologists, a revolving door of product heads and C.E.O.s, and no real core of technological innovation. You had Del saying, ‘Trolls are going to be a problem. We will need a technological solution for this.’” But Twitter never developed a product sophisticated enough to automatically deal with bots, spam, or abuse. “You had this unsophisticated human army with no real scalable platform to plug into. You fast forward, and it was like, ‘Hey, shouldn’t we just have basic rules in place where if the suggestion is to suspend an account of a verified person, there should be a process in place to have a flag for additional review, or something?’ You’d think it would take, like, one line of code to fix that problem. And the classic response is, ‘That’s on our product road map two quarters from now.’”

Now, it’s a quote from a former executive, so it should be taken with a substantial portion of salt.

But it does ring true.

Misreporting the TalkTalk hacking

Tom Morris does an excellent job of highlighting the flaws in the reporting of the TalkTalk hack:

What’s curious though is how the mainstream media have not really talked very much to security experts. Yesterday, I listened to the BBC Today programme—this clip in particular. It featured an interview with Labour MP Hazel Blears (who was formerly a minister in the Home Office) and Oliver Parry, a senior corporate governance adviser at the Institute of Directors.

And what the latter has to say is not what you’d call accurate:

This attack was a simple SQL injection attack. That threat isn’t “changing hour by hour, second by second”. It’s basic, common sense security that every software developer should know to mitigate, that every supervisor should be sure to ask about during code reviews, and that every penetration tester worth their salt will check for (and sadly, usually find).

The short version: TalkTalk’s website security appears to have been terrible, and by allowing inexpert talking heads to distract from that, we’re failing to report the true story – corporate security failings – in favour of some vague idea of cyberjihadis, which seems to have been nonsense all along.