IT security and control firm Sophos is calling on Twitter to
allow its members to fully delete posts following news that last
night Jonathan Ross accidentally revealed his personal email
address on the micro-blogging service.
Ross, who is a huge fan of Twitter and has more than a quarter
of a million followers, posted his full email address for all to
see, but realising his mistake, quickly deleted the message from
his Twitter timeline. However, Sophos can reveal that he is just
the latest user to fall for a gaping security hole in the way
Twitter works - when you 'delete' a post on Twitter, it is never
really deleted. By simply using Twitter's Advanced search facility,
all posts (whether they have been deleted or not) can be found.
Jonathan Ross's email slip
underlines Twitter security problem from SophosLabs on Vimeo.
According to Sophos, this is a serious security issue as people
will always accidentally type something they didn't mean to, or
post the message in public rather than send as a direct mail.
Twitter needs to recognise this and allow its members to properly
delete any message they choose from all of Twitter, not just their
own stream.
"There's no reason for Twitter to keep these posts and in fact,
this is really irresponsible behaviour," said Graham Cluley, senior
technology consultant at Sophos. "In Ross's case, his email address
could have been scooped by spammers or used by fraudsters
pretending to be the star. And, with so many fervent fans, there's
a risk Ross will get bombarded with so many emails requesting he
send a signed photo, open the local garden fete, or simply pass on
the mobile numbers of his celebrity buddies, that his inbox could
effectively burst at the seams. Accidents like this will happen,
and Twitter should be helping, not hindering, its users to clean up
the mess afterwards. For Ross, his best bet is to change his email
address as soon as possible."
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.