Re: Ever use Timehop?

rslade · ‎07-09-2018

Timehop was an app that would scrape your social media and "remind" you of anniversaries at a later date.

As such, it had to have permission to access your social media.

Well, it got hacked. (Well, maybe I shouldn't say it got hacked, since that implies some intelligence and sophistication on the part of the attackers. Actually, Timehop was just careless about passwords.)

Which means that someone has your passwords. Well, access tokens, anyway. (If you ever used Timehop, that is.)

Do you really need to give that app access to your accounts? (Not just Timehop, of course. Lots and lots and lots of apps ...)

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Shannon · ‎07-10-2018

In my case, there's usually one of 3 outcomes:-

An app asks for full access to resources during installation --- which I may not grant unless I see them as necessary. If installation continues & the app runs without these, well and good.
An app fails to install unless I grant access, in which case I'll give it access during installation, but revoke the permissions in the security settings immediately after. If the app still runs after that, well and good.
An app fails to run after I revoke permissions in the security settings, unless I again grant access. At this point I'll decide on whether I can do without the app.

In my opinion, it isn't worth compromising security to attain functionality that isn't essential...

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz