I’ve been waiting for this to happen. An email verification vendor has left their database of 800 million email addresses, along with detailed individual data, unprotected on the internet. Bob Diachenko reported the discovery yesterday on his blog. Wired also ran an article (An Email Marketing Company Left 809 Million Records Exposed Online) based on his findings.
Security Truths
Being in infosec for so long takes its toll. I've come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don't seem to be any exceptions, and it gets depressing.
— briankrebs (@briankrebs) September 26, 2018
Way to go Equifax
Earlier this month I wrote about how we can’t trust Equifax with our personal data. I’m not sure we can trust them with a cotton ball. Today, we discover Equifax has been sending consumers worried about their personal information leaking to the wrong site. [O]n multiple occasions over the span of weeks, the company’s official Twitter account responded to customer inquiries by...
About those degrees…
There is a meme going around related to the Equifax hack that points out an executive in charge of security doesn’t have a degree related to security. Surprise! A lot of the folks who currently keep us safe on the internet don’t have degrees in security. They just didn’t exist when we were in school. I think Paul summed it up best: [T]alking about Susan Mauldin’s music degree is...
Equifax compromise and their insecure response
Today it was announced that someone infiltrated Equifax earlier this year and stole 143,000,000 identities. These identities include names, birthdates, and addresses, at a minimum. Details are available at your favorite news site. What I want to talk about is the website they’ve put up to address the issue. This website is Yet Another Example of how the financial services industry trains...
Email address as identity
A few months ago I was talking about different mailbox tools and mentioned email addresses are the keys to our online identity. They are: email addresses are the magic key that authenticates us and opens access to different accounts. The bad guys know this too. The Justice Department recently announced a plea deal related to compromised email accounts. The individual in question gained access to...
Mailbox tools are a security risk
On Sunday the NYTimes published an article about Uber’s CEO. One of the pieces of information that came out of that article is services like unroll.me sell information they scrape out of emails sent to their users. Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice Intelligence. Using an email digest service it owns named Unroll...
The Cyber and The Security
Cybersecurity has been on my mind lately. There is a lot of bad stuff going on, from giant DDoS attacks, to subscription bombing, to the ongoing low-level harassment that some people have to deal with on a daily basis. I’ve written a lot about how I think marketers are going to have to step up and stop being a conduit for abuse. I do believe this. There are a lot of different issues to...
Electronic records outside US not covered by US warrants
The 2nd Circuit Court of Appeals ruled against the Government today in US Government vs. Microsoft. The government is investigating a drug dealer and wants access to records held by Microsoft. Microsoft turned over metadata stored on US machines. But they refused to turn over the specific emails stored on machines in Dublin. The company’s position is that the federal government needs to...