
Weekly Update 384

published on 2024-01-28 00:36:58 UTC by Troy Hunt
Content:


I spent longer than I expected talking about Trello this week, in part because I don't feel the narrative they presented properly acknowledges their responsibility for the incident and in part because I think the impact of scraping in general is misunderstood. I suspect many of us are prone to looking at this in a very binary fashion: if the data is publicly accessible anyway, scraping it poses no risk. But in my view, there's a hell of a big difference between, say, looking at one person's personal info on LinkedIn via the browser versus having a corpus of millions of records of the same data saved offline. That's before we even get into the issue of whether, in Trello's case, it should ever be possible for a third party to match email address to username and IRL name.

To add some more perspective, I've just posted a poll immediately before publishing this blog post, let's see what the masses have to say:


References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Trello had 15M records scraped and posted publicly (somehow the narrative feels like it's pushing back on things that were never said to begin with)
  3. The "Mother of all Breaches"... which isn't (someone leaving their personal stash of existing breaches doesn't make everything re-breached)
  4. HIBP got a nice little shout-out from our MP for Cyber Security (I'm still fascinated at just how mainstream this little service has become 😊)

https://www.troyhunt.com/weekly-update-384/   
Published: 2024 01 28 00:36:58
Received: 2024 03 10 13:02:00
Feed: Troy Hunt's Blog
Source: Troy Hunt's Blog
Category: Cyber Security
Topic: Cyber Security