Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


BSidesLV 2022 Lucky13 BreakingGround - Eric Kuehn's, Mic Whitehorn-Gillam's 'Cookie Monster: Exfiltrating Data And More, Byte By Tasty Byte'

September 22, 2022 by Marc Handelman in Security BSides, BSidesLV, BSidesLV 2022, Security Conferences, Data Exfiltration, Security Education, Cybersecurity Education, Infosecurity Education, Appsec Education, Information Security, Physical Security, Network Security, Cyber Security

Our sincere thanks to BSidesLV for publishing their outstanding conference videos on the organization's YouTube channel.


XKCD User Forum Data Breach

September 05, 2019 by Marc Handelman in XKCD, Data Exfiltration, Databreach, Information Security

Bad news for XKCD user forum members - all 562,000 of them - reports Sergiu Gatlan (writing for Bleeping Computer) in a blog post on September 3rd: email addresses, user names, IP addresses, and salted and hashed passwords in MD5 format for all users on the discussion site have been exposed.

"The compromised user information including usernames, emails, and IP addresses, as well as hashed and salted passwords stored in MD5 phpBB3 format, was added to Have I Been Pwned's database on September 1, after being provided by security researcher and data analyst Adam Davies." via Sergiu Gatlan reporting for Bleeping Computer


LinkedIn's Bad Behaviors, The Data Exfiltration Gambit

June 19, 2019 by Marc Handelman in Death of Privacy, Information Security, Data Exfiltration

Bad Behaviors should not be tolerated... Behold, and examine, if you will, the data exfiltrated (in this case, the inventory of extensions installed in your browser, and data contained therein) by LinkedIn (Nasdaq: LNKD) when the user authenticates at the company's primary public-facing site. Utilizing tools authored by the inimitable Corey Prophitt, it's a revelation of the worst kind. Simply Astounding (and certainly bad behavior by a Microsoft Corporation (Nasdaq: MSFT) owned company). Hat Tip.

"How would you feel if you opened a program and the program started to check your file system to see what other programs you had installed? You would probably feel the software was overstepping. This is essentially what LinkedIn does when you visit their website. LinkedIn will scan your local browser files in an attempt to identify a number of different browser extensions you may have installed. The data collected by LinkedIn is then exfiltrated from the browser." - via Corey Prophitt, writing at Prophitt.me
