Category: Security


Cloud computing enables applications and services maintained by remote servers, thereby reducing our hardware requirements.

We can see the trend moving in that direction. Tablets, smartphones, Ultrabooks and Macbook Airs (not an Ultrabook) are evidence of this.

However, immersing fully into a life up in the cloud is not without its risks.

We, as consumers, are relinquishing control of our data to a remote server and, with that, run the risk of security breaches.

WIRED writer Matt Honan experienced these problems when his iCloud and Amazon accounts were hacked. There were no fancy algorithms involved in the hack. The hackers merely followed the breadcrumbs of connections from Matt’s Twitter account. These hacks highlighted weaknesses in Amazon’s and, more crucially, Apple’s iCloud service.

He wrote a detailed account of the events that led to the hacking. Despite the rather painful experience, he is objective in his assessment of the situation.

Tips to living more securely in the cloud:

  • Do not daisy-chain your email, Twitter and Facebook accounts.
  • Create stronger passwords, a different one for each account.
  • Create a separate email which functions specifically as a recovery address.
  • If you’re using Gmail services, enable two-step verification of your account.

No method is 100% secure. However, these measures reduce one’s chances of being compromised in the cloud.

I had received an email update from Twitter yesterday informing me about two important updates which relate to their authentication process.

The 2nd update is a new, simplified URL link-wrapping service, coupled with a Twitter website authentication process, to protect the user from malware. That’s decent.

However, the 1st update irked me.

The 1st update is the mandatory implementation of an authentication technology called “OAuth”. This technology is to be used in all Twitter desktop and mobile clients for access to your Twitter user account. OAuth is an emerging authentication standard that has been adopted by a large number of social networking services.

The OAuth standard defines a key step in the handover of a user’s info to a third-party application, and it also allows users to selectively revoke the said application’s access to their account info.

Currently, the Basic Authentication process involves providing a desktop application with a username and password to access the web-based service behind that application. This is an all-or-nothing access system: complete access to the user’s account is granted by a mere username and password. The problem arises when this login info falls into the wrong hands and brings about a security breach. Currently there is no way to disable a single third-party application with the Basic Authentication method.

The OAuth protocol intends to make the authentication process more secure.
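To make the contrast above concrete, here is an added example (mine, not code from the post or from Twitter’s own implementation) of OAuth 1.0a HMAC-SHA1 request signing and service-side verification beside the Basic Authentication header it replaces. The credentials and request are the worked example from the OAuth 1.0 specification (RFC 5849, section 1.2); the TOKEN_STORE dictionary and the revoke() helper are assumptions standing in for a service’s real token database.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Credentials and request taken from the worked example in RFC 5849, section 1.2.
CONSUMER_SECRET = "kd94hf93k423kf44"
TOKEN_STORE = {"nnch734d00sl2jdk": "pfkkdhi9sl3r4s00"}  # assumed service-side store: token -> secret
EXAMPLE_PARAMS = {
    "file": "vacation.jpg", "size": "original",
    "oauth_consumer_key": "dpf43f3p2l4k3l03", "oauth_token": "nnch734d00sl2jdk",
    "oauth_nonce": "kllo9940pd9333jh", "oauth_timestamp": "1191242096",
    "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
}

def basic_auth_header(username, password):
    """Basic Authentication: the real password rides on every request; base64 is not encryption."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def _enc(s):
    """OAuth percent-encoding: only RFC 3986 unreserved characters stay literal."""
    return quote(s, safe="-._~")

def oauth1_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string (the signature itself excluded)."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join([method.upper(), _enc(url), _enc("&".join(f"{k}={v}" for k, v in pairs))])

def oauth1_sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with consumer_secret & token_secret; no password involved."""
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    mac = hmac.new(key, oauth1_base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def oauth1_verify(method, url, params):
    """Service side: recompute with the per-app token secret; an unknown or revoked token fails."""
    token_secret = TOKEN_STORE.get(params.get("oauth_token", ""))
    if token_secret is None:
        return False
    expected = oauth1_sign(method, url, params, CONSUMER_SECRET, token_secret)
    return hmac.compare_digest(params.get("oauth_signature", ""), expected)

def revoke(token):
    """The user revokes one application: only its token dies; the password and other apps are untouched."""
    TOKEN_STORE.pop(token, None)

if __name__ == "__main__":
    url, req = "http://photos.example.net/photos", dict(EXAMPLE_PARAMS)
    req["oauth_signature"] = oauth1_sign("GET", url, req, CONSUMER_SECRET, TOKEN_STORE["nnch734d00sl2jdk"])
    print(req["oauth_signature"], oauth1_verify("GET", url, req))  # tR3+Ty81lMeYAr/Fid0kMTYa/WM= True
```

Note that the service verifies the request without ever seeing the user’s password, and that removing one token from the store locks out that one application while every other authorisation keeps working.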

However, the process is a cumbersome one from the developer’s perspective. The current OAuth standard increases the susceptibility to phishing, a matter of concern for end users.

The current version of the OAuth protocol (version 1.0a) is a poor implementation of the protocol, and this is the version that is being adopted by Twitter.

Whilst Twitter has made some provisions to increase its security measures with OAuth 1.0a, there are more cons than pros with this implementation.

I am concerned and I will be somewhat guarded using my Twitter account in the near future.

Ars Technica has two good articles on this issue. They are somewhat technical but worth the read for those who intend to understand this protocol further. It has important long-term implications for those who are active users of web-based services.

The articles can be accessed via these links: