Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Twitter Businesses

Can Elon Musk Spur Cybersecurity Innovation At Twitter? (securityweek.com) 138

"Twitter DMs should have end to end encryption like Signal," Elon Musk tweeted Wednesday to his 89 million followers, "so no one can spy on or hack your messages."

And on Monday, Musk also announced hopes to "authenticate all humans."

But now Security Week is wondering if Musk's acquisition of Twitter will ultimately mean not just better security at Twitter but also innovation for the entire cybersecurity industry: Twitter has struggled with consistent security leadership, hiring and firing multiple CISOs even as nation-state adversaries target Twitter's massive user base with computer-generated disinformation campaigns...."Even if you don't like the guy, you have to root for Twitter to beat the bots," said one prominent CISO interviewed by SecurityWeek on Tuesday. "I think we will all benefit from any security features they [Twitter] can create."

Jamie Moles, a senior technical manager at ExtraHop, said the bot-elimination mission could have spinoff benefits for the entire industry. "While this seems like a Sisyphean task, if he's successful, the methods used by Twitter to eliminate bots from the platform may generate new techniques that improve the detection and identification of spam emails, spam posts, and other malicious intrusion attempts," Moles said. If Musk and his team can train AI to be more effective in combating this, it may well be a boon to security practitioners everywhere," Moles added.

"Identity is one area I expect to see movement. In addition to just detecting bots and spam better, I think we will see Twitter do a better job around verifying humans. There are a lot of things to fix there," said one CISO who requested anonymity because his company does security-related business with Twitter. Industry watchers also expect to see the company improve the multi-factor authentication (MFA) adoption numbers among its massive user base....

If Twitter can build a reliably secure platform with a new approach to distinguishing between human and bot traffic and fresh flavors of MFA and encryption, this could be a big win for the entire industry and users around the world.

Thanks to Slashdot reader wiredmikey for sharing the story
This discussion has been archived. No new comments can be posted.

Can Elon Musk Spur Cybersecurity Innovation At Twitter?

Comments Filter:
  • than do anything about privacy and security.
  • by Gravis Zero ( 934156 ) on Saturday April 30, 2022 @10:54AM (#62491918)

    Do NOT use Twitter.

  • I hate those damn things, and I'm not a robot. Hell, an insurance company's ad agency [youtube.com] has figured out that most people can't stand "are you human?" checks. Proceed at your own peril, Musk.

    I've got my popcorn ready for the exodus to whatever takes Twitter's place.

    • by BeerCat ( 685972 )

      Maybe, instead of an "anti-Turing" test (the "I am not a robot" ones), Musk should implement a better Turing one to defeat the bots.

      A small site I use has one of those "I am not a robot" features when an authorised user needs to make changes to the content, although for me it is literally tick the box, rather than jump through the hoops of "tick all the ones with...". Perhaps the background checks (eg time from navigating to a page vs start of any input) mean it is obvious that only a human is doing the inp

    • by splutty ( 43475 )

      We've gone full circle with computers now asking us if we're not robots.

      Be very careful what you answer!

  • not likely (Score:3, Interesting)

    by awwshit ( 6214476 ) on Saturday April 30, 2022 @11:00AM (#62491934)

    > If Musk and his team can train AI to be more effective in combating this, it may well be a boon to security practitioners everywhere

    Good luck with that. The only thing Musk will do is unblock people and make it seems like Twitter has done something about censorship. Musk wants a better tool for himself, nothing more. And Musk will vehemently go after anyone critical of his new toy or the ideas he wants to introduce to it.

    I don't use Twitter and I don't care how this turns out, but I don't see how much good can come from Musk owning Twitter, it will only be good for Musk.

    • Re:not likely (Score:5, Insightful)

      by leonbev ( 111395 ) on Saturday April 30, 2022 @11:27AM (#62492000) Journal

      If anything, I'd imagine that Musk is going to scare away a lot of the Twitter developers and engineers who could help to better secure the platform.

      • Re:not likely (Score:4, Interesting)

        by AmiMoJo ( 196126 ) on Saturday April 30, 2022 @11:46AM (#62492072) Homepage Journal

        Musk seems to have a bit of a thing for AI. He consistently underestimates how difficult AI is. Look at Tesla's Full Self Driving, which has been just about to launch since 2016. Or his humanoid robot, which he claimed in February would launch this year, despite the fact that the only "prototype" they have shown off was a man in a spandex costume dancing on stage.

        He seems to think he can solve Twitter's fake account problem with AI. Experience tells us that he probably can't.

        • >He seems to think he can solve Twitter's fake account problem with AI. Experience tells us that he probably can't.

          I think he needs to make a good-faith effort, Twitter has been selling ads based on human views, not spam-bot views which is likely fraud. Considering how many accounts gained and lost 10's and 100's of thousands followers on Tuesday, it's a lot more than round-off error too. Now since their stock prices are based at least in part on revenue, which have the appearances of being fraudulently inflated, Twitter could find itself being raked over the coals by the SEC, it's board and C-levels getting sued for br

        • by Kremmy ( 793693 )
          He probably feels like the success in using AI to perform real time corrections during rocketry maneuvers, where the AI is able to track however many variables faster and more efficiently than a human pilot would be able to, means it will have more success with moderating human discourse. But natural language is one of the oldest and least effective fields of artificial intelligence. It relies on a breadth of human knowledge for nuance that AI simply do not have. They have trained an artificial intelligence
        • Musk seems to have a bit of a thing for AI. He consistently underestimates how difficult AI is.

          I had occasion to do battle with Cora the bank robot recently. This algorithm is a so-called "digital assistant". The interaction with Cora is via a text chat interface, which makes you think that you may be interacting with a human. If that were the case, the human must be stupid to the point of absurdity, addicted to following rules, and wantonly cruel. In other words, somebody has invented an artificial Nazi. After spending hours in the AI torture chamber, my dogged persistence eventually put me in touch

      • Why expect something different from the existing team after 16 years?
      • by lsllll ( 830002 )
        That makes sense if they're okay with the current culture and he's going to change that. The question is, does it matter? Probably not.
      • If anything, I'd imagine that Musk is going to scare away a lot of the Twitter developers and engineers who could help to better secure the platform.

        It needs a good shake-up.

        The people who leave can move on to other companies/industries/projects and make them better, and Musk can hire new people who won't have the same preconceived notions about how things should work. It is a win-win.

    • by HiThere ( 15173 )

      You're awfully certain about your analysis of his motives and your predictions of his actions. I doubt that you have reasonable grounds for such certainty.
      That said, you *could* be right. If there were verifiable metrics, I'd put the chances at a lot less than 50%, but that's a lot better than chance, as there are many possible alternatives.

      *That* said, I'm rather certain that "Musk wants a better tool for himself". It's when you tack on "nothing more" that I find out projections extremely dubious. I al

      • he'll use it to make up for a lack of a marketing dept in Tesla - he's as bad as trump a lot of the time
    • Did someone piss on your Wheaties? Someone bought something and your conclusion is that it will only be good for them. I love the genius level thinking there. Can you do it with my mom and her visit to the grocery store too?

      I don't use Twitter and I don't care how this turns out, but I don't see how much good can come from Musk owning Twitter, it will only be good for Musk.

      For someone who doesn't care, you sure spew a lot of bile. WTF? Why did you even post your message if you don't care? You absolutely do care and I can't figure out why. Something to do with anger/hate/jealousy or some other negative emotion. Regardless, it is not a good look on you. Have

      • I guess Musk's answer for everything is AI. Musk is going to solve any twitter issue with AI. Sounds like a steamy pile of crap to me.

        Your Mom didn't buy the grocery store. Your Mom wouldn't consider buying the grocery store, if the store does not suit your Mom then she'll just find another one. Your Mom has not decided that the grocery store needs work and that taking it over herself is the best approach. See the difference?

        Its clear that Musk wants to tweak twitter, he clearly will not change twitter in

  • Comment removed based on user account deletion
    • Comment removed based on user account deletion
    • Re:Another WTF (Score:4, Insightful)

      by onefriedrice ( 1171917 ) on Saturday April 30, 2022 @11:29AM (#62492008)
      I don't know much about Twitter but I was under the impression that DMs were private messages between users. Sounds like a perfect use case for e2e encryption to me. I heard some people were upset at the idea of Musk suddenly having access to their DMs when he takes over, so it's even a solution to a problem people are actually talking about.

      I believe Musk has already commented on several other ways he wants to improve the platform, including an edit button, so I don't think we need to get pissy just because he mentioned an improvement you personally don't care about.

      Honestly it seems to me people are inventing reasons to hate Mr. Musk. It is difficult to detect derangement in oneself in the moment, but some might recognize it if they took a step back, took a deep breath and tried to analyze why an eccentric billionaire buying a company to make its product objectively better fills them with rage.
      • by HiThere ( 15173 )

        There *are* lots of reasons to hate Musk, but yeah, why not stick to the real ones. E.g. he often promises things he can't deliver on.

        • Re:Another WTF (Score:5, Informative)

          by ChatHuant ( 801522 ) on Saturday April 30, 2022 @12:30PM (#62492156)

          he often promises things he can't deliver on.

          On the other hand, when he *does* deliver on things, they're often humdingers. I mean, when I saw the video of the Tesla roadster in space, with the Earth as background I felt like I was living in the future again. The same when I saw the synchronized landing of the two Falcon boosters: it was like a science fiction movie in real life. And I recently got an electric car and find I'm enjoying driving in a way I didn't for a long time now, with previous cars. And even though my car is not a Tesla, I still credit Musk with the fact he spurred other manufacturers to switch to electric.

        • yeah, why not stick to the real ones. E.g. he often promises things he can't deliver on.

          I'll bite, what do you mean?

          So far none of the companies he has started have folded, and are rolling out promises he made.

          Self driving for example is already working better than most human drivers, and obviously the end goal is in sight at this point.

          Just can't think of any examples where he has yet promised soemthing he can't deliver on...

          Unless you mean buying Doritos and filling the bags? That was a joke.

      • by jsonn ( 792303 )
        E2E doesn't really make sense for the use model of Twitter. As long as you can use the web frontend, Twitter must have access to your decryption key anyway. At that point, it mostly becomes a minor barrier for admins to not accidentally read DMs. That's essentially what is necessary for encryption-at-rest models and there are far simpler approaches for that, e.g. separating frontend and storage layer and encryption with frontend-specific key, so that the storage layer never knows the actual DM content.
      • by AmiMoJo ( 196126 )

        An edit button is a bad idea. If a tweet is that bad, just delete it. If it's a typo, nobody cares that much.

        The only reason he wants a edit button is because he keeps getting ratioed. That is, he posts something he thinks is clever and someone replies with an opposing view, and gets more likes than he does. He wants to be able to edit his post to "clarify" whatever BS they called him out on after he realizes what a nincompoop he looks like.

    • by AmiMoJo ( 196126 )

      Musk is talking about two things, a least I think/hope he is.

      1. Direct Messaging (DMs), user to user, should be encrypted. Basically combining Twitter and WhatsApp. Obviously there is limited utility in E2E encryption for public posts, although you can imagine a WhatsApp group type function for messaging only visible to followers.

      2. Verifying posters are humans, to eliminate bots. Well, not eliminate because some legit bots are quite useful. Twitter has had a bot/fake account problem forever, same as Facebo

      • Musk is talking about two things, a least I think/hope he is.

        The summary actually pretty well laid out they were seperate - just as you said, encryption was about protecting a DM, and then a different effort to verify humans and try to eliminate bots.

        The problem with "authenticate all humans" is that anonymity is no longer possible

        I disagree, I don't think those two things are totally at odds with each other. Verifying you are A humans is not the same thing as verifying you are a SPECIFIC human.

        I'd bet a w

      • some legit bots are quite useful.

        Really? I would like to see some examples.

        • by AmiMoJo ( 196126 )

          That one that posts details of all Musk's private flights is pretty handy. His environmental credentials are somewhat questionable when you look at it.

          Gender Pay Gap Bot responds to corporate press releases with their legally mandated gender pay gap data.

          Liminal Spaces is a bot but sometimes posts some interesting photos.

    • > Maybe he's just distracted by his obsession with AOC to understand what it is he's using here.

      Just FYI, it's "aoc", not "AOC".
      She doesn't like capitalism.

    • FTFY?

      My main reaction to your suggestions is that the character limit isn't the biggest problem of Twitter, though you did diagnose the broader problem in a clever or even insightful way (notwithstanding the lack of recognition from the all-powerful moderators). Most memes can be condensed (notwithstanding my verbosity), and lack of an edit button isn't even a real problem, but rather an edit button is most likely to be abused to make bad discussions worse.

      However I think it would be possible to "humanize"

  • Good thing though is that his state of mind is in constant flux.
  • He's deflecting from the fact that he is spying on everyone. He puts silicon into monkey brains, are you surprised?

  • He doesn't know the first thing about cyber security and he's already talking to the people who gave him the money for this little stunt about mass layoffs to increase profitability. I fully expect several big security leaks due to understaffing issues while he and his money men try to claw back the $44 billion they just spent on a website that Gen Z (the next generation of consumers) doesn't seem all that into.
  • The basic problem in security today is authentication. Is this packet (and its contents) authorized to access this system?

    Passwords, tokens, cookies, etc are basically upper-layer hacks around this fundamental problem...especially since you can do damage at the packet level.

    At some point everyone will move to device-based authentication, but hardcore device auth: not just 2FA, but you have to literally register your device and no unregistered devices will be allowed to the primary site at all; you'll be cap

    • by HiThere ( 15173 )

      I don't think that would work against well funded targeted attacks. Against undirected attacks there are lots of ways that pretty much work...but are a bother. You've got to figure how valuable avoiding the attack would be, and use that level of security EVERY TIME the information if vulnerable.

    • ...and I hope that day never comes. Anonymity on the internet is important. I don't want to provide my ID to Twitter, to Reddit, to Slashdot.
    • The basic problem in security today is authentication.

      I am not sure how relevant this is to a platform like Twitter, where the intent is to provide publicity, rather than private communication. Stretching it a bit, I suppose that it is a matter of concern that someone should not be able to pretend to be you, for some nefarious ends. I am not what you would call an Important Person, so maybe this is not a concern for me. But I guess if some Important Person says something on a platform like Twitter, it would be good if that were their genuine opinion, and not s

  • by Anonymous Coward
    Yeah, this makes Musk sound like a true champion of freedom. "Let's CHARGE PEOPLE MONEY so we can create a DATABASE OF ALL HUMANS, whose identities have all been verified, because using a social media platform to identify and track all people who use it just screams good ol' fashioned American FREEDOM!" Some people are truly nuts. They spent years screaming about not wanting to be tracked. They made up a whole "the vaccine is big gubmint and big tech secretly injecting you full of 5G chips so they can trac
    • by tragedy ( 27079 )

      Also, do you remember when most of those people despised Musk because he ran an electric car company and a solar roofing company?

  • by Anonymous Coward on Saturday April 30, 2022 @12:45PM (#62492192)
    If "member" count was to stop increasing or go down at Facebook, LinkedIn, etc. due to blocking and eliminating fake members, the stocks of the parent companies would plunge because the services are not "growing." If Twitter becomes privately owned by someone who isn't in it for the money, perhaps Twitter will be the one social network with honest numbers.
  • Wonder if they could make some of this better by allowing some bot created content. Meaning label posts by bots differently, and add an API to allow some bot operations...

    They'd need to treat any bot content differently though. As they aren't users. And likely all posts from "Bot" accounts should be penalized on a real user or even group of users (for company accounts).

    Guess it depends what the reason for the bots are, and what they're trying to prevent with blocks against bots.

    • Why would I want to read bot created content? I guess it is interesting as an academic study, to see how convincing bots can be, but it certainly does not advance useful debate. I do find some Twitter threads quite useful for informal debate on subjects that interest me. I can't imagine a bot contributing anything worthwhile on the topics of a wealth tax or profiteering from energy price rises. I do read some total rubbish, but it is presumably someone's opinion, and worth considering. Does a bot even have

  • He can't even stop his own hardware from being hacked. I've already got a couple friends with better self-driving on their own custom firmware (which phones home to itself so Tesla never knows wtf.)

    Silicon Valley's already fucked Tesla. If you think they're worth investing in, you're stupid as fuck. Thanks for the money!

  • Heâ(TM)s a great entertainer, but more closely aligns with a billionaire clown than what his companies make him look like. The real credit goes with the people who innovate and engineer ⦠I am so sick of hearing about this buffoon. My goodness.
  • .. but he sent his electric car, which he produced, into orbit on his rocket, which he produced, while probably browsing using his internet satellite constellation, which he produced.

    Fucking listen to yourselves. He's accomplished more in 10-15 years than then whole fucking lot of you ever will in multiple lifetimes.

    They'll still be talking about this guy in two hundred years time. You'll just be a decaying headstone somewhere.

    • by tragedy ( 27079 )

      Giving Musk credit where it's due doesn't mean that you can't criticize his purchase of Twitter. Now, I don't have actually have much skin in this game. I don't really use Twitter. I certainly don't have an account, though I sometimes read tweets that are referenced elsewhere. To me, they're probably most significant for getting Americans to stop calling "#" the "pound" symbol (which I always found annoying since, even though it probably originated as a pound symbol for the Romans, it's never used that way

      • he's not making the kind of solid purchases that he made in the past.

        Were those purchases that solid when he made them? Musk has made a great deal of money by putting money into stuff that was far from solid, and then making it work. Some of his ideas are flaky, and go nowhere, but when he backs something that works, that pays for the duds he backed. If everybody stuck to sound investments, we would still be riding around on horses.

        • by tragedy ( 27079 )

          Were those purchases that solid when he made them? Musk has made a great deal of money by putting money into stuff that was far from solid, and then making it work.

          I think Tesla was solid enough from a technical point of view for the price. SpaceX was pretty speculative. In hindsight it seems solid because they proved their concept but yeah, there was a fair amount of risk there. To clarify my position though, I'm thinking of these in terms of the initial price vs. the risk of failure. At the time of purchase/founding, Musk could have just walked away from the initial investment and not felt much financial pain. The majority of the money he spent on these businesses w

      • Thank you! Best comment on the article. I think you are pretty much spot on.

        If I had one wish, it would be that he said 'fuck it' to the risk/cost and simply opened twitter up and turned it into a true open source protocol based system. The whole problem is that someone owns it. Who owns it is mostly irrelevant unless they do something completely radical, as in opening it up.

        • by tragedy ( 27079 )

          I agree completely. I said pretty much exactly that in a recent post on another thread about the twitter purchase here [slashdot.org]. It's a fairly long and maybe a bit rambling. Here's the excerpt that actually deals with this:

          The thing is, no-one actually owned Usenet (the AOL users did not quite understand and thought that they actually did and that non-AOL users were just somehow pirating their service, but that's something else entirely) Usenet was a set of protocols and store and and forward servers. You still had to have a newsfeed from your ISP or your school or something, and not everyone carried all the groups, and some servers did moderate even the unmoderated groups, but there was not a central company that owned everything like there are with pretty much all modern forums. All of which pretty much just replicate Usenet. That's one of the reasons all these modern forums are pretty much garbage.

          So, if Musk really wanted to do something towards a real online public square, he should have tackled revamping or cloning Usenet. Spend those billions on hiring developers and marketers to create a protocol that can run on a distributed, decentralized, encrypted, customizable private network that no-one controls because it's all about the (open) protocols. Create a non-profit foundation to provide moderation (through ratings on posts, somewhat like Slashdot), but have an open moderation system so that users can pick and choose who does the moderation or choose no moderation. Use marketing people to popularize this new system and to replace those other forums. Musk could promote his client, but there could be dozens of clients for it.

          So I agree with you quite strongly. Implementation details might vary, but removing the central control aspect is important. Somehow, at the birth of the World Wide Web, we made a wrong turn. On a related I would also argue that we made a serious wrong turn with accepting the proliferation of Netw

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...