What You Can Learn From The Twitter Hack

🚨 IMPORTANT:

Recently, Twitter was the victim of a $100,000+ hack that affected hundreds of users. While you may think this was the work of some clever computer programmer hacking into Twitter's defenses, in actuality, this hack was caused by Twitter's own internal development tools. These tools were leaked via a social engineering hack, which led to hundreds of huge accounts posting messages that scammed hundreds of innocent people out of their own money.

In this video I will be explaining exactly how this hack happened, how Twitter messed up, and what you can learn from Twitter's mistakes.

🧠 Concepts Covered:

- What social engineering is
- How to avoid social engineering
- What happened with the Twitter hack

🌎 Find Me Here:

#SocialEngineering #WDS #TwitterHack
Comments

Your channel is that one channel that I can trust with my eyes closed, LITERALLY.
The best programming channel ever

FalseDev

Just came here from the "How to make tabs with HTML/CSS" video and I have to say, I love this channel so much man!

tsg

They found the login in an internal Slack channel

dkras

Was it technically even a hack? Given that the credentials for an internal tool used by the support team got leaked.

Picking a lock without a key is different from getting hold of the key.

pandit-jee-bihar

Really nice breakdown, getting straight to the point!

adamaaronson

Though I'm nowhere near being part of a giant like Twitter, I must say I was hooked for 14 mins. Kyle, you have amazing narration skills too! A great, enlightening video as always. Thank you!
PS - I loved how non-judgy you were towards the victims of the hack too 😊

nsharma

We don’t know how much of that $100k is actually from victims, it could easily have just been the scammers sending their own Bitcoin to make it look like people were sending funds to the address.

martinlutherkingjr.

If I have an employee that just gives or says something like "hey here's the development tools that can access anything you like or something",
not only is he/she gonna get fired. He or she may also be sued or something.

asagiai

Admin CPs (control panels) are a necessity for a "live" product like Twitter. There's really no reason to completely neuter them in your production environment -- the problem should be addressed by maintaining limited access to the CP. You should have different tiers of admin rights, and accessing the CP should be extremely difficult, like every login requiring 2FA and maybe even that admins be on company VPN.

mykalimba
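
The layered gate this comment describes (tiers of admin rights, 2FA on every control-panel session, company VPN only), as an added example that is not part of the original comment and not Twitter's code. The tier names, action names, VPN range and the 15-minute 2FA freshness window are all assumptions.

```javascript
// Added example. Tier names, actions and the VPN range are assumptions.
// Maps (not plain objects) so keys like "constructor" never match.
const TIER_RANK = new Map([['support', 1], ['senior', 2], ['security', 3]]);
const ACTION_MIN_TIER = new Map([
  ['view_account', 'support'],
  ['reset_email', 'senior'],
  ['disable_2fa', 'security'],
]);
const VPN_CIDR = '10.8.0.0/16';        // constructed company VPN range
const MFA_MAX_AGE_MS = 15 * 60 * 1000; // assumed freshness window for 2FA

// Dotted IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function inCidr(ip, cidr) {
  const [base, bits] = cidr.split('/');
  const addr = ipv4ToInt(ip);
  const net = ipv4ToInt(base);
  if (addr === null || net === null) return false;
  const size = 2 ** (32 - Number(bits)); // addresses per block
  return Math.floor(addr / size) === Math.floor(net / size);
}

// Deny by default: every layer must pass. The reason goes to the audit log.
function authorizeAdminAction(req, now = Date.now()) {
  const need = ACTION_MIN_TIER.get(req.action);
  if (!need) return { allow: false, reason: 'unknown_action' };
  if (!inCidr(req.sourceIp, VPN_CIDR)) return { allow: false, reason: 'not_on_vpn' };
  const age = now - req.mfaVerifiedAt; // NaN if the session never passed 2FA
  if (!(age >= 0 && age <= MFA_MAX_AGE_MS)) return { allow: false, reason: 'mfa_required' };
  if ((TIER_RANK.get(req.tier) ?? 0) < TIER_RANK.get(need))
    return { allow: false, reason: 'insufficient_tier' };
  return { allow: true, reason: 'ok' };
}
```

A leaked password alone fails at the VPN and 2FA layers, and a valid low-tier login still cannot reach the high-impact actions.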

UPDATE: 5:08 You were completely correct! Twitter posted an update late Thursday on the situation.

DarylLegion

Your channel is the best, 10/10 and will check out your contents regularly!

mk

Thank you for highlighting this! It's an important learning for Web Developers!

kanz

I appreciate what you are saying. But you are continually wrongly referring to it as a "Development tool". Rather, it is a "Production Support tool", which is much needed for live/real-time support assurance. I do agree on how Twitter and companies alike need to review and revisit their resource access/security policies and backup measures (like multi-level alerting/approvals) etc.

harry-cee

Interesting video! And the hackers companies hire are called White Hats, pentesters, or ethical hackers. They have a specified amount of time to find as many flaws as they can and generate a report based on their findings, for the company to review & mitigate security flaws.

deniskomarov

That is why there are identity and access management & privileged access management tools.

froozynoobfan

Really glad that I found and subscribed to this channel.
Keep up the good work man!

grayhat_x

12:38 makes me think of Mike Ehrmantraut, from Breaking Bad, when he was hired as a Security Consultant

s.e.

Kyle, I think you are thinking too highly of Twitter. I used to work with Facebook, Amazon and Apple engineers. Their development processes are chaotic and very disorganized (from team to team though). Especially in Facebook, where the company itself is "developer-driven" (i.e. no formal processes). I imagine that a similar shit show happens in Twitter.

tacowilco

Can you recommend any resources or tutorials that show how to implement good/solid security protocols on a Node back-end and React front end?

yellemonster

Companies who put backdoors into their products should see this coming, and a lot of people don't even realize they have a backdoor. I'm sure you don't know that there is a backdoor in your CPU.

universenerdd