You Can Access Passwords, Ongoing Discussions of Security Vulnerabilities and Other Sensitive Data of Governments, UN, Companies Using Search Engines + China Moving Beyond Cashless into An Orwellian Nightmare

·@vimukthi·
>__on Trello, a popular project management website, the governments of the United Kingdom and Canada exposed to the entire internet details of software bugs and security plans, as well as passwords for servers, official internet domains, conference calls, and an event-planning system. The U.K. government also exposed a small quantity of code for running a government website, as well as a limited number of emails. All told, between the two governments, a total of 50 Trello pages, known on the site as “boards,” were published on the open web and indexed by Google.__

__You bet I kept reading that article. This was just after I shared details about the [Sidekik](https://steemhunt.com/@vimukthi/sidekik-make-ai-version-of-yourself-demo-with-a-trump-twitter-bot) which allows you to create an AI version of yourself by analyzing all your data. When it comes to a massive government, some intelligent people will not put any faith in them. But still, many put more faith in private technology companies, who are supposed to know things better. But it seems that the ease and lack of care even plague those who are supposed to fix the bugs and vulnerabilities.__

# When Guardians Leave Diligence At Door
https://cdn-images-1.medium.com/max/2000/1*ahyfE1agxgc9o6nCzgFaqw.png

https://cdn-images-1.medium.com/max/2000/1*yaYKutX1R3CPQeyUvZlhDg.png

https://cdn-images-1.medium.com/max/2000/1*veQ-qThllY0t46a7C9NMhg.png

__Source: https://medium.freecodecamp.org/discovering-the-hidden-mine-of-credentials-and-sensitive-information-8e5ccfef2724__

__All sorts of sensitive information were discussed including security vulnerabilities (which means these were the people who were in charge of security) in a way that a malicious actor could simply use a search engine to mine this information. The person who discovered and reported this to these companies (Kushagra Pathak) was pretty much left without compensation because even bug bounty programs don't categorize this sort of reporting as eligible for rewards.__

__Then again, it was the people who are taking care of these bugs that messed things up in the first place. Now just imagine all this information being sold on the black market. Are there even enough reasons to think that it has not happened? When you think about hacks into multi-billion-dollar corporations, don't you think that something like this couldn't have helped such hacks?__
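
For teams that want to check their own boards for this kind of exposure, here is an added example (not from the original post or the cited articles) that audits a Trello board JSON export for public visibility and credential-looking text in cards and comments. The field names follow Trello's board export format; the sample board, hosts and patterns are constructed assumptions.

```python
import re

# Heuristic patterns for credential-looking text; tune them for your own organisation.
SECRET_PATTERNS = [
    ("password", re.compile(r"(?i)\b(?:password|passwd|pwd)\b\s*[:=]\s*\S+")),
    ("url-with-credentials", re.compile(r"(?i)\b(?:ftp|https?|ssh)://[^\s/:@]+:[^\s/@]+@\S+")),
    ("api-key", re.compile(r"(?i)\b(?:api[_-]?key|token|secret)\b\s*[:=]\s*\S+")),
]

def iter_texts(board):
    """Yield (location, text) for every card and card comment in the export."""
    for card in board.get("cards", []):
        yield card.get("shortUrl", "?"), f"{card.get('name', '')}\n{card.get('desc', '')}"
    for action in board.get("actions", []):
        if action.get("type") == "commentCard":
            data = action.get("data", {})
            yield "comment on " + data.get("card", {}).get("name", "?"), data.get("text", "")

def audit_board(board):
    """Return (is_public, findings); findings name the location and rule, never the secret."""
    is_public = board.get("prefs", {}).get("permissionLevel") == "public"
    findings = [(where, label)
                for where, text in iter_texts(board)
                for label, pattern in SECRET_PATTERNS
                if pattern.search(text)]
    return is_public, findings

# Constructed sample export (not real data); the hosts are reserved placeholder names.
SAMPLE_EXPORT = {
    "prefs": {"permissionLevel": "public"},
    "cards": [
        {"name": "Upload banners", "shortUrl": "https://trello.example/c/AAA111",
         "desc": "Server ftp://media:Summer2018@files.example.org/promo"},
        {"name": "Conference call", "shortUrl": "https://trello.example/c/BBB222",
         "desc": "Dial-in as usual. Password: 4821#"},
        {"name": "Write press release", "shortUrl": "https://trello.example/c/CCC333",
         "desc": "Draft due Friday."},
    ],
    "actions": [
        {"type": "commentCard",
         "data": {"text": "staging api_key=abc123", "card": {"name": "Write press release"}}},
    ],
}

if __name__ == "__main__":
    print(audit_board(SAMPLE_EXPORT))
```

To run it on a real board, load the exported file with `json.load` and pass the resulting dict to `audit_board`; any finding on a public board means the credential should be rotated, not just removed from the card.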

# [Even UN Messed Up](https://theintercept.com/2018/09/24/united-nations-trello-jira-google-docs-passwords/)
> - __A social media team promoting the U.N.’s “peace and security” efforts published credentials to access a U.N. remote file access, or FTP, server in a Trello card coordinating promotion of the International Day of United Nations Peacekeepers. It is not clear what information was on the server; Pathak said he did not connect to it.__
> - __One public Trello board used by the developers of Humanitarian Response and ReliefWeb, both websites run by the U.N.’s Office for the Coordination of Humanitarian Affairs, included sensitive information like internal task lists and meeting notes. One public card from the board had a PDF, marked “for internal use only,” that contained a map of all U.N. buildings in New York City. Another card had an attached PDF that included a phone tree with names and phone numbers of people working for a division of U.N.’s human resources department. Some cards contained links to internal documents hosted on Google Docs that, in turn, contained sensitive information about web development projects, including a web address and password to access a staging environment to test early features of the website.__

__You can read more following the above link.__

# The Power of Meta Data
>__Facebook’s data trove goes beyond posts or location, though. By analysing your likes and interactions, Facebook can deduce private information you would never willingly agree to share. It does this with surprising accuracy.__
>
>__Jamie Bartlett demonstrated this on a smaller scale in his brilliant book The People vs Tech when he visited Michal Kosinski at Stanford University. He gave Kosinski just 200 Facebook likes, and their system was able to determine a variety of personal information.__
>
>__Some examples of information the system found out about Jamie Bartlett:__
>
> - __Education: Studied history at university__
> - __Politics: Liberal__
> - __Religion: Atheist (If he was religious, probably Christian)__
>
>__All of these predictions were accurate, and all it took was 200 Facebook likes (a shred of the actual amount of information Facebook has on its users).__
>
>__[Source](https://medium.com/@richardhaas1999/if-youre-not-worried-about-facebook-you-should-be-ac7808412ab2)__

__Now the problem is that your data are not just accessed by tech companies. They are pretty much stolen all the time in small amounts. The reason why even the "patriots" opposed Apple Inc making a backdoor for iPhone is because any tool can eventually be gained by the "bad guys". That's why I'm such a fan of zero-knowledge proofs and Enigma Protocol.__

>__This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.__

__That's what Facebook said when it discovered a security breach that affected 50 million users. @jaichai made a post about this [here.](https://steemit.com/steemit/@jaichai/ijch-nah-nah-na-nah-nah-facebook-discloses-hack-affecting-50-million-accounts-go-steemit) The exploit was possible because of some features added for convenience.__

https://fbnewsroomus.files.wordpress.com/2018/09/42647794_340201783392972_4207828087510925312_n.png?w=960&h=551

>__Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.__

__Then there are these [quiet fights against privacy laws from Google and Facebook.](https://medium.com/theintercept/google-and-facebook-are-quietly-fighting-californias-privacy-rights-initiative-emails-reveal-bcb2e8c28fa0) This is all the while Silicon Valley is getting cozy with the Orwellian China. I must stress that China isn't all bad. They have some amazing technological developments in developed parts of the country that easily surpass most of the developed world without even breaking a sweat. Just look at what you can do with the WeChat app alone:__

https://www.youtube.com/watch?v=gysKE3POUv0

__Now all that info (including GPS data) goes to one company (Tencent) that is cozy with the government. I highly applaud the developments. But the lack of privacy is a nightmare. But it does make a lot of money and Silicon Valley doesn't want to miss out.__