Email or username:

Password:

Forgot your password?
All posts Thomas's posts Post Back to profile
Top-level
Darren

@dko @thomasfuchs @pjohanneson same reason your bank is still using sms for 2fa. people get upset if you force them to do it the right way. and they get outraged if you don’t. This would be the perfect setup for #GWAS on #password and #2fa hygiene

6 Dec 2023 at 5:32 | Wall-to-wall | Open on sfba.social
6 comments
Dan

@dplattsf @thomasfuchs @pjohanneson again, who are you arguing for here? companies with shitty policies? companies that leak DNA data?

why are you just naming bad practices as if they justify more bad practices?

"bad things have happened and unconcerned people are responsible" is not a defense for bad engineering that endangers your users.

6 Dec 2023 at 5:44 | Open on infosec.exchange
Darren

@dko @thomasfuchs @pjohanneson just trying to understand the outrage and indignation here - again they’re well within the norm for orgs and they also didn’t get any of their systems breached so saying they were hacked is misinformation. They have normal users doing normal bad things. but it’s dna so .. .. .. must be so much worse ? People need recalibration.

6 Dec 2023 at 5:48 | Open on sfba.social
Dan replied to Darren

@dplattsf @thomasfuchs @pjohanneson "well within the norm" is not a security standard. that's not what users signed up for and if it were plainly stated no one would ever reveal identifying data to these people, let alone their genome.

How are you not getting why this is a significant breach?

Data brokers have no "do not buy list". They will get any info from any source that's available.

"didn't get their systems breached" is not a statement i would make if 14,000 user accounts were compromised, which later led to disclosing the data of 50% of your users.

you know the first thing the attackers did was release a million lines of user data, right? for free, right away, and all of those users were jewish

can you see how this data could be misused now?

nbcnews.com/news/us-news/23and

@dplattsf @thomasfuchs @pjohanneson "well within the norm" is not a security standard. that's not what users signed up for and if it were plainly stated no one would ever reveal identifying data to these people, let alone their genome.

How are you not getting why this is a significant breach?

Data brokers have no "do not buy list". They will get any info from any source that's available.

6 Dec 2023 at 6:21 | Open on infosec.exchange
DELETED replied to Dan

@dko @dplattsf @thomasfuchs @pjohanneson

I work in this field.

It was a credential stuffing attack. Google that. There wasn't much they could have done about it.

However, Everything they've done after the fact has revealed them to be the shitty corporation that most corporations eventually reveal themselves to be.

It's a breach, but not like a breach where there were default creds exposed on the internet (equifax) or some idiot (LastPass).

6 Dec 2023 at 13:48 | Open on mstdn.social
Cybarbie replied to DELETED

@BigMcLargeHuge @dko @dplattsf @thomasfuchs @pjohanneson

You work in what field? There absolutely are many very effective ways to make sure your idiot users do not choose bad passwords. You could for example make them accept an autogenerated one, enforce some sort of second check - perhaps you are familiar with when you get a pin sent to you on your phone? We can already tell their users are people who do not care about their own or their families privacy and so probably warrant extra checks.

6 Dec 2023 at 15:42 | Open on mastodon.social
paradx

@dplattsf @dko @thomasfuchs @pjohanneson the bank is using 2fa though, and given the sensitivity of the data, I would think even doing shitty 2fa would have helped.

6 Dec 2023 at 11:21 | Open on chaos.social
Go Up