[groby_b]

> Twitter's crappy security is not remotely exceptional

Uh, no. If Mudge's accusations are true, that would speak to exceptionally bad security. Not compared to Joe's Diner around the corner, but certainly for a major player in the tech market.

[Maursault]

> that would speak to exceptionally bad security.

The accusations were not exactly specific. You're splitting hairs.

IT doesn't generate revenue. Often for this reason, at many large corporate locations, IT departments are spread critically thin, many far thinner than Twitter, which has money to afford experts like Mudge. These companies aren't sexy so they're never ever in the news and they're not on anyone's radar. Any idea how many Windows Server 2012 installations are still in production? Or how many corporate networks are entirely made of Windows 7? Far too many. The state of security in general across the entire American corporate landscape is shit, and even places that don't get compromised, like NSA, still get compromised.

In July, Twitter experienced a global outage of ~45 minutes, the longest outage global outage in years. If Twitter was some shocking, never before seen level of insecure, it wouldn't have been 45 minutes, and there'd be a lot more of them.

btw, I hate Twitter, Facebook, LinkedIn, et al., and passionately, but it's just not credible to claim that Twitter is the worst of the worst in security, because there is an astounding number of corporations with no security to speak of, like, no IT department, none. "It's something one of the drivers handles for us. He's a real wiz." That kind of thing. At least Twitter not only has an IT department, but also has security personnel. I think if anyone scrutinized, say, Yahoo, they'd find the same thing.

[jhugo]

> The accusations were not exactly specific. You're splitting hairs.

Have you read Mudge's actual whistleblower report, rather than just media articles about it? It doesn't go into extreme detail (at least in the unredacted parts), but there are plenty of specifics.

> In July, Twitter experienced a global outage of ~45 minutes, the longest outage global outage in years. If Twitter was some shocking, never before seen level of insecure, it wouldn't have been 45 minutes, and there'd be a lot more of them.

You seem to be conflating security with availability. There are plenty of ways to be insecure (many of them detailed in the report) that have no effect on availability.

[nibbleshifter]

Yahoo has previously been found to have abysmal security and was pretty much forced kicking and screaming into taking it seriously.

[Maursault]

Maybe Yahoo was a poor example. Substitute instead... idk, airbnb, doordash, or dominoes. I have no specific knowledge there is slack there, but having contracted in IT in a number of large and global enterprise, lack of security and lack of security concerns was all too common, and it stood out more in places that worked with and kept clients' financial information "on file."

[groby_b]

From my original post: "for a major player in the tech market". Where IT isn't just a cost center.

[Maursault]

AirBnB and DoorDash are Internet companies, just like Twitter. I wouldn't even consider Twitter "a major player in the tech market." Apple, Amazon, Google, Dell, Microsoft, IBM, Tesla, Nvidia, Samsung etc., are tech companies, but not Twitter or Netflix. What technology is Twitter secretly working on?