OK, don't get your political knickers in a twist. I'm not going to talk about Parler's politics. Just their coding.
The reason that people were able to obtain so much data (*SO* much data) from Parler was that their security was terrible. As in, non-existent. No authentication. Deleted content wasn't actually deleted, just marked deleted. Posts were identified by successively incremented numbers. Wanna scrape Parler? Easy-peasy.
Uploaded content was not modified. In any way. That means that metadata and location data in pictures and videos were still available.
They also gave Users the option of getting a 'Verified Account' badge by taking a picture of their driver's license for verification. Not sure what could go wrong there...
If there are any Europeans subscribed to it - they could be done for GDPR violations.
Marriott was fined 150 million for unencrypted scans of passports.
As a reminder, keep all discussions on this community on the topic of related cybersecurity, threats, technology, etc. Any off-topic and/or political posts will be removed and subject to enforcement of usage guidelines up to and including banned Community usage.
For reference, the Community's usage policy can be found here: https://community.isc2.org/t5/Welcome/ISC-Community-Usage-Policy-Guidelines-Updated-October-2020/m-p...
Any questions regarding appropriateness of topics, feel free to email the administrator at community@isc2.org.
Thank you.
As a community we should strive to help guide the discourse toward better security regardless of thoughts on the subject or material at hand. I get enough political nothingness through LinkedIn as it is. Let's draw the line somewhere.
Pointing out some bad practices is no cause for immediate alarm, but not relaying that information to the Parler administration is.
- b/eads