Sensitive Information Leaked Publicly

  • 0

Sensitive Information Leaked Publicly

Category : Blog

Sensitive Information Leaked Publicly

“Think twice before you click” We often shared to computer users to help them protect from unreliable links and malware infected email links. Wait a moment and look at the pop-up “Do not show this message again”. This is a warning message which we face daily. It is trying to say that if we “really” know what we are about to do. Sensitive Information Leaked Publicly

But this weekend we were once again reminded of the risk of clicking on the “Do not show this message again” option.

UK-based security architect Kevin Beaumont writes on Twitter, after noticing that personal and sensitive information like passwords, social security numbers, dates of birth, credit card statements, medical details were being shared publicly on Microsoft’s document-sharing website, docs.com.

Rob Griffiths writes on his blog that when we upload a file to docs.com, it makes it publicly accessible by default:

Sensitive Information Leaked Publicly

Microsoft clearly realised this might be a problem as its docs.com site displays a warning when you attempt to publish the document.

Sensitive Information Leaked Publicly

And there lies the risk. The warning isn’t really a strong message. But then things get even worse because it is so easy to tell this dialog to go away and never show its face again.

Griffiths summarise the issue:-

“I really don’t think Microsoft should default to public share for any uploaded file; that’s just not a safe strategy. (The other setting is Limited, which means a user must have a link to your document to view it. This would protect users from accidentally sharing files that were intended to be privately shared, not publicly visible.)And if, for whatever reason, Microsoft doesn’t want to default to Limited, then that warning dialog should pop up every single time, with no way to bypass it. If you’ve used docs.com, you may want to double-check that what you thought was private is actually private.”

Ultimately you are the user of your personal and sensitive information. If you feel to use a cloud-based service to store your confidential data, then please be careful to think twice before you click – especially when it comes to warning message that conclude with the dangerous words “Do not show this message again”.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

CEH V9  training

Diploma in Network Security Training

Secured Coding in Java

Certified Network Penetration Tester 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 


Leave a Reply

Show Buttons
Hide Buttons