Miscellaneous Tech News

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records
https://www.wired.com/story/exactis-database-leak-340-million-records/

Once the fuckbags that let this shit happen get strung up and publicly tortured.... then these breaches will finally stop.

dafyre

@rojoloco said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records
https://www.wired.com/story/exactis-database-leak-340-million-records/

Once the fuckbags that let this shit happen get strung up and publicly tortured.... then these breaches will finally stop.

Publicly flogged twice for each record leaked. Fined, $100,000 for each record leaked ($99,000 of which goes to the person whose records were leaked), and the entire C-Level team fired if this was discovered and not reported for more than 36 hours.

JaredBusch

@obsolesce said in Miscellaneous Tech News:

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records
https://www.wired.com/story/exactis-database-leak-340-million-records/

Public ElasticSearch database

fucking idiots.

Kelly

Interesting possibility for SMB network monitoring: https://www.ipswitch.com/about/news-and-events/ipswitch-news/first-ever-free-edition-of-whatsup-gold-released-by-ipswitch. 5 nodes isn't a ton, but if all you need is your edge and your core then this is good.

Kelly

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

travisdh1

@kelly said in Miscellaneous Tech News:

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

coliver

@travisdh1 said in Miscellaneous Tech News:

@kelly said in Miscellaneous Tech News:

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

I just run everything over a proxy that's encrypted.

travisdh1

@coliver said in Miscellaneous Tech News:

@travisdh1 said in Miscellaneous Tech News:

@kelly said in Miscellaneous Tech News:

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

I just run everything over a proxy that's encrypted.

That's what I do for everything that is web based. Still have a few things, like the minecraft server, that's not available on a standard web page.

Kelly

@travisdh1 said in Miscellaneous Tech News:

@kelly said in Miscellaneous Tech News:

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

travisdh1

@kelly said in Miscellaneous Tech News:

@travisdh1 said in Miscellaneous Tech News:

@kelly said in Miscellaneous Tech News:

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

While I question the automatic response of AV being needed today, neglected servers, web sites, and anything else is way to common, for sure!

scottalanmiller

@travisdh1 said in Miscellaneous Tech News:

@kelly said in Miscellaneous Tech News:

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

Well Google itself came up as not HTTPS just two days ago, so....

scottalanmiller

@kelly said in Miscellaneous Tech News:

@travisdh1 said in Miscellaneous Tech News:

@kelly said in Miscellaneous Tech News:

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

For static sites, it's not irresponsible in any way. If you have no user data moving, there's nothing wrong with plain text. There are good reasons to do HTTPS everywhere today, but security is not always it.

stacksofplates

@scottalanmiller said in Miscellaneous Tech News:

@kelly said in Miscellaneous Tech News:

@travisdh1 said in Miscellaneous Tech News:

@kelly said in Miscellaneous Tech News:

If your marketing people start complaining about the number of hits their sites are getting falling through the floor, this might be the culprit: https://thehackernews.com/2018/07/google-chrome-not-secure.html. (Since the link is not helpful, here is the headline from the article: "From today, Google Chrome starts marking all non-HTTPS sites 'Not Secure'".

Who doesn't have a site running HTTPS now? Before Letsencrypt made it free, maybe, but no excuse now! Even my home lab box runs everything over secured connections now.

Everyone should be, but we still run into computers without AV or passwords, so it is unsurprising to me that there are sites that neglect this basic responsibility.

For static sites, it's not irresponsible in any way. If you have no user data moving, there's nothing wrong with plain text. There are good reasons to do HTTPS everywhere today, but security is not always it.

No user data doesn't mean you don't need HTTPS. MITM with fake login forms, DNS hijacking, etc is still a big vulnerability for static sites on HTTP.