Smart Tech people do some really stupid things

wraith808:
I saw this article today on Medium:

How I used a simple Google query to mine passwords from dozens of public Trello boards
https://medium.freecodecamp.org/discovering-the-hidden-mine-of-credentials-and-sensitive-information-8e5ccfef2724

excerpt:
A few days ago on 25th April, while researching, I found that a lot of individuals and companies are putting their sensitive information on their public Trello boards. Information like unfixed bugs and security vulnerabilities, the credentials of their social media accounts, email accounts, server and admin dashboards — you name it, is available on their public Trello Boards which are being indexed by all the search engines and anyone can easily find them.

--- End quote ---

With a simple google query, you can find this same info.  And this was a few days ago, and it still exists today.


--- Code: Text ---
inurl:https://trello.com AND intext:@gmail.com AND intext:password

in a simple Google query turns up usernames and passwords for some company Gmail accounts.

I was flabbergasted when I saw that they still exist!  There were other queries in there too for all sorts of simple information, stored in publicly accessible Trello boards.  The even worse thing about this is that this article was written on May 9.

We know about the stupid things that people do.  Using password for their password or abcdef or 12345.  But this kind of stuff... I would still think that people at tech companies would take this into account.

I guess I was wrong.

Deozaan:
Yikes!  :o

Stoic Joker:
Just because someone "works in IT", doesn't necessarily mean they're an IT Person. Everybody these days is in a rush to - offload responsibility - the cloud because it has been marketed - to death - as the be-all and end-all solution to keeping those damn expensive and cranky IT types on staff. So ultimately nobody is minding the store because everybody is told security is the other guy's job - the properly trained people have all been sent away - And it's all perfectly safe in the cloud... Right?

Yeah, or not..

The private forum has to be private, because it has a sign right there that says it is … And nobody is going to have the audacity to just walk (into Mordor...) past a sign...right?!?

I see it all too often, somebody in middle/upper management wants it to be so … So they mandate it as such, and if nobody is there to explain why it is dangerous/stupid, it gets pushed through.

*Sigh* Low hanging fruit by fiat.

wraith808:
I was waiting for you to chime in Stoic.  Not disappointed  :Thmbsup:
