There were some thought-provoking comments on yesterday’s post: is this kind of information a data leak, a breach, or just being too informative?
In the example below I had to blank out the username because it was the same as the Twitter name.
We’ve become accustomed to the positive security model for email, which is to send only to those we specify. Social media generally has a negative security model which is to make it visible to all unless you specify otherwise.
In this case, the habit from the email model was likely the culprit, and although a recipient was specified, it wasn’t sent as a Twitter Direct Message (DM), so we all get to be ‘Oscar’.
2 responses so far ↓
1 Social Media Data Leaks: TMI // Jul 28, 2009 at 9:30 pm
[...] Social Media Data Leaks: The Polarity of Security Models [...]
2 Is OpSec An Endangered Species? // Aug 5, 2009 at 7:16 am
[...] Andrea DiMaio in Gartner’s government practice gave his thoughts here, while Anthony Bradley in our Application Architect group did so here. Greg Young had previously demonstrated Twitter data leakage here. [...]
Leave a Comment