#security (2018-11)
Archive: https://archive.sweetops.com/security/
2018-11-22
Uh oh, think solar winds properties were hacked
Wow they are planning a 500m IPO
Okay, maybe not hacked https://mobile.twitter.com/geekmuse/status/1064604275089842177
2018-11-26
2018-11-27
Aye, people giving maintainer quite a lashing
yea, it’s given me pause
we also maintain cloudposse/packages which basically bundles other repos binaries
need something like that for npm
blockchain for packages lol
I don’t feel like a web of trust helps prevent the attack; and only marginally affects the ability to cast blame. Malicious code/package changes could happen, but a developer may be only guilty of having their signing key compromised.
security is always just about layers
a developer can also be held at gun point
^^ Sounds like suggesting a key signing party. Weird places
I’m still waiting for the first malicious Ubuntu PPA
2018-11-30
Basically if you’ve stayed at Starwood’s hotel brands that include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton - your information is pwned
name address phone number email address passport number account information date of birth gender arrival and departure information
how they have so many people?
Starwood is one of the largest international hotel chains
read: all guest stay details since ~2014
luckily I can change my passport number quite easily – thanks to my newfangled e-ink passport
Whatttt??
Is that for real? E ink passport?
lol
trolled
just imagine: single use passport numbers
I think this should just teach folks everywhere to rarely share accurate details that are never used with folks that don’t need the details. Typically there are no consequences for providing a wrong birthdate / address / phone / passport#
Oh dear.
1Password should implement an identity generator
So I can have a unique identity for every property
I like that idea
can it also make up unique answers to “security” questions too ?
But let 1p keep track of it so I am not stuck in identity verification hell
Yea
Ah, as someone that has worked at the UK passport office that sounded interesting :D
So the sad part is, they store everything, but when you checkin at the hotel you still wait 10 minutes for the clerk to type everything over again and again
Next hack will be Hertz & Enterprise
https://www.gemalto.com/govt/travel/security-printing – apparently counterfeiting is still a thing
Stuff like this makes GDPR is a very needed initiative.. Policy.
I dunno, I feel like fines, or the threat of fines, won’t prevent these events
fines don’t get anyone’s data back
Fines will make companies do more to prevent things like this to happen. Personal data must be spread out, and for warehousing it must be anonimized for example. Also the retention of data is a topic.
I was a customer of Mariott in 2015.. why is my data still there ?
agree with all that
Aye, I know UK PCI mandates data can only be stored for a year, not sure about PII