rslade
Influencer II

Parler

OK, don't get your political knickers in a twist.  I'm not going to talk about Parler's politics.  Just their coding.

 

The reason that people were able to obtain so much data (*SO* much data) from Parler was that their security was terrible.  As in, non-existent.  No authentication.  Deleted content wasn't actually deleted, just marked deleted.  Posts were identified by successively incremented numbers.  Wanna scrape Parler?  Easy-peasy.

 

Uploaded content was not modified.  In any way.  That means that metadata and location data in pictures and videos was still available.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
5 Replies
tmekelburg1
Community Champion

They also gave Users the option of getting a 'Verified Account' badge by taking a picture of their driver's license for verification. Not sure what could go wrong there... 

mrlithic
Newcomer I

If there are any Europeans subscribed to it  - they could be done for GDPR violations. 

 

Marriott was fined 150 million for unencrypted scans of passports. 

tmekelburg1
Community Champion

Intelligence reasons, although I must admit there wasn't a lot of that going around on the site.
AndreaMoore
Community Manager

As a reminder, keep all discussions on this community on the topic of related cybersecurity, threats, technology, etc. Any off-topic and/or political posts will be removed and subject to enforcement of usage guidelines up to and including banned Community usage. 

 

For reference, the Community's usage policy can be found here: https://community.isc2.org/t5/Welcome/ISC-Community-Usage-Policy-Guidelines-Updated-October-2020/m-p... 

 

Any questions regarding appropriateness of topics, feel free to email the administrator at community@isc2.org

 

Thank you.




ISC2 Community Manager
Beads
Advocate I

As a community we should strive to help guide the discourse toward better security regardless of thoughts on the subject or material at hand. I get enough political nothingness through LinkedIn as it is. Let's draw the line somewhere.

 

Pointing out some bad practices is no cause for immediate alarm but not relaying that information to the Parler administration is.

 

- b/eads