For the record, I think that an application like Twitter is one that will be mimicked often from here on out. Being a fan of blogging, I have no problem with the idea of a "Micro Blog" and believe that the concept will be seen for years to come. I also believe that an application like Twitter will be used widely by security professionals as not only a way to tweet or communicate, but a way to share resources quickly, maybe changing the game from zerosec to zerotweet. I can already mentally see how superior the crew in the movie Hackers would have been with the ability to tweet at each other to pool resources and communicate. There would simply have been no need for a movie; they would have been so leet. It would have at least spared all of us from a sequel.
With all of the articles that are being posted on Twitter, it is no secret that they have been plagued with one security issue after another. I myself was even able to jump on Twitter about three weeks ago and, within a couple of minutes, find some severe security-related issues that will need attention by the busy Twitter staff. Aviv Raff posted today that he is going to blog on "July: Month of Twitter Bugs", which I will try to follow closely because I not only want to see what he digs up, but I am also confident that it will spark up a lot more issues from other security professionals regarding Twitter and their lack of security.
With my post today, I wanted to bring a little bit of historical data to the story of Twitter, and there are just some things that do not make a lot of sense to me when I go back and look at the details. One of the common tools that I use often when assessing the overall security of a website is www.archive.org. Going back and reviewing archived pages of a website can be useful in so many different ways, but to me Twitter has a lot more to reveal.
Besides the observation that Twitter.com has most likely been plagued with security issues since day one, the first thing that I noticed was "Wow, Twitter has sure been around a long time, why has it seen an enormous amount of growth only recently?" Stats on Complete.com show that Twitter is really a product of 2009 (can be argued, but the stats do show convincing evidence), and to be sitting there basically idle for so many years is just crazy to me. It really makes you feel that Twitter was not ready for the super boom and it just came somewhat out of the blue. Now I know that there are a lot of factors that play into Twitter's recent popularity, including the recent boom in web-enabled mobile phones, but I would most likely attribute the spike in Twitter's popularity to its marketing and a public craze, the feeling that if you are not on Twitter, then you are not up on the newest social playground. I see this type of marketing as being the future trend in social networking sites, jumping from one popular service to another, leaving the previous site dried up like a ghost town.
The question that has been mind bottling to me is, when does a company like Twitter take a step back and identify that security needs to be a very large aspect of their product? You would assume that increasing in popularity by some million fold percentage would do it, or their increase in budget (I am only assuming they have a larger budget these days; if they don't, there is a larger issue than security going on). Is it possibly going to take the month of July and all of its bug releases and blogging to have them go into overdrive with security?
One of the largest realizations that I made when I first came into Web Application Security was that, large or small, every company or website can be plagued with issues, and not to trust a large website just because it is large and everyone else is using it. Twitter can really reinforce this observation and hopefully will bring some light into people's eyes. But then again, does it stop the public from tweeting?
I can honestly say that, by following other professionals or groups, Twitter has had a positive influence on me in the world of security. Maybe their developers should add a few more Twits to follow, like the entire group SecurityTwits.