topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday October 13, 2024, 5:09 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Smart Tech people do some really stupid things  (Read 5526 times)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,188
    • View Profile
    • Donate to Member
Smart Tech people do some really stupid things
« on: November 04, 2018, 01:05 PM »
I saw this article today on Medium:

How I used a simple Google query to mine passwords from dozens of public Trello boards
https://medium.freec...rmation-8e5ccfef2724

excerpt:
A few days ago on 25th April, while researching, I found that a lot of individuals and companies are putting their sensitive information on their public Trello boards. Information like unfixed bugs and security vulnerabilities, the credentials of their social media accounts, email accounts, server and admin dashboards — you name it, is available on their public Trello Boards which are being indexed by all the search engines and anyone can easily find them.

With a simple google query, you can find this same info.  And this was a few days ago, and it still exists today.

Code: Text [Select]
  1. inurl:https://trello.com AND intext:@gmail.com AND intext:password

in a simple google query turns up username and passwords for some company gmail accounts.

I was flabbergasted when I saw that they still exist!  There were other queries in there too for all sorts of simple information- stored in publicly accessible Trello boards.  The even worse thing about this, is that this article was written on May 9.

We know about the stupid things that people do.  Using password for their password or abcdef or 12345.  But this kind of stuff... I would still think that people at tech companies would take this into account.

I guess I was wrong.
« Last Edit: November 04, 2018, 04:02 PM by wraith808 »

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,759
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Smart Tech people do some really stupid things
« Reply #1 on: November 04, 2018, 01:22 PM »
Yikes!  :o

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Smart Tech people do some really stupid things
« Reply #2 on: November 05, 2018, 11:00 AM »
Just because someone "works in IT", doesn't necessarily mean they're an IT Person. Everybody these day is in a rush to - offload responsibility - the cloud because it has been marketed - to death - as the be-all and end-all solution to keeping those damn expensive and cranky IT types on staff. So ultimately nobody is minding the store because everybody is told security is the other guy's job - the properly trained people have all been sent away - And it's all perfectly safe in the cloud... Right?

Yeah, or not..

The private forum has to be private, because it has a sign right there that says it is … And nobody is going to have the audacity to just walk (into Mordor...) past a sign...right?!?

I see it all too often, somebody in middle/upper management wants it to be so … So they mandate it as such, and if nobody is there to explain why it dangerous/stupid it gets pushed through.

*Sigh* Low hanging fruit by fiat.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,188
    • View Profile
    • Donate to Member
Re: Smart Tech people do some really stupid things
« Reply #3 on: November 05, 2018, 12:30 PM »
I was waiting for you to chime in Stoic.  Not disappointed  :Thmbsup: