Many of our readers have told us that the use of Twitter by their employees and associates during a disruptive event is part of the communications component of their organization's business continuity and/or disaster recovery plan(s).
For readers who may not have followed the story of the cross-site scripting (XSS) worm that struck twitter.com in September of this year, we point them to a recent article by Chad Perrin, posted on TechRepublic's IT Security website and entitled "Five security lessons to learn from the Twitter worm".
Our staff agrees with Chad Perrin's position that all of us can learn a few security lessons from Twitter's mistake.
A summary of those lessons, as quoted from Mr. Perrin's article, is as follows:
1. Sanitize all input, and always prefer sanitizing methods that are already tested and proven effective, all else being equal.
2. Double-check your output to make sure it does not affect the end user in surprising ways, such as the mouseover effects in web browser clients.
3. Use version control when developing software to help protect against errors creeping into code through source mismanagement.
4. Use automated testing suites to protect against regressions and other errors that might otherwise slip by your developers.
5. Do not underestimate the effect of a given vulnerability when it falls into the hands of someone with a more devious mind than yours.
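Lessons 1 and 2 are easiest to see side by side. The following is an added example written for this page; it is not code from Perrin's article or from Twitter. It is a toy "auto-link" renderer for tweet text: the naive version splices a user-supplied URL straight into an href attribute, so a double quote inside the URL closes the attribute and lets the author of the tweet add an onmouseover handler; the hardened version validates the URL with the URL parser and encodes every piece of output for the HTML context it lands in. The payload string and the example.com host are constructed for illustration and are not the worm's actual text.

```javascript
// Added example (not the page's, Perrin's or Twitter's code): naive vs.
// hardened auto-linking of URLs found in tweet text.

const URL_RE = /https?:\/\/[^\s]+/g;

// NAIVE: user input goes straight into an attribute. A '"' inside the URL
// closes href="..." and whatever follows is parsed as further attributes,
// e.g. onmouseover="...".
function linkifyNaive(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Encode the characters that change meaning in HTML text and quoted
// attribute contexts.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Return a normalized http(s) URL, or null if the parser rejects it.
// The WHATWG URL parser percent-encodes '"' (and other unsafe characters)
// in the path, so the re-serialized href cannot break out of the attribute.
// The scheme check is redundant with URL_RE today but keeps this function
// safe if the regex is ever loosened (e.g. to match javascript: links).
function safeLink(url) {
  let parsed;
  try { parsed = new URL(url); } catch { return null; }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  return parsed.href;
}

// HARDENED: every segment of the output is encoded for its context; URLs
// that fail validation are rendered as plain escaped text, not as links.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));   // plain text between links
    const url = m[0];
    const href = safeLink(url);
    out += href === null
      ? escapeHtml(url)
      : `<a href="${escapeHtml(href)}">${escapeHtml(url)}</a>`;
    last = m.index + url.length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed payload in the style of a mouseover injection (not the real worm).
const PAYLOAD = 'see http://example.com/@"onmouseover="alert(1)"/ now';

console.log(linkifyNaive(PAYLOAD));  // href closes early; onmouseover becomes an attribute
console.log(linkifySafe(PAYLOAD));   // quotes are %22 in href and &quot; in the text
```

Note that the hardened version does not try to "strip" onmouseover from the input (a blocklist the next payload would route around); it relies on a tested parser for validation and on context-specific output encoding, which is exactly the point of lessons 1 and 2.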
Our staff still supports the use of social networks such as Twitter for communicating in disaster recovery mode, particularly when that use is approved by and supported within your organization's disaster recovery plan.
If you found this information applicable, please pass it along to the business continuity, network security assessment, risk management, information security, disaster preparedness and disaster recovery planning teams in your organization.