If you live by Web 2.0, you die by Web 2.0. Storing documents in the “cloud” gets you ease of access, it’s cheap, it’s easy, and as long as you care nothing about security, it’s a no brainer. Twitter was rife with XSS and CSRF worms this year, which annoyed many a “securitytwit”, but were sideshows to its rapidly growing user-base. But this year Twitter learned the hard way that when your entire security rests in the cloud, it only takes one unused hotmail account and a bored teenager to get your entire business plan, all your employee’s personal information, and administrative access to your 55 million dollar web application. According to Twitter’s top secret internal documents (now published on Techcrunch) “Are we building a new Internet?!?” Well if they are, it’s one that needs more security.
recognize both excellence and incompetence in the field of information security