As we all know, security companies are there to tell everyone how to be more secure and how to avoid getting our information stolen and/or abused by various means. They are meant to protect us, the customers, from day-to-day threats online or in real life; they are the ones who know everything about security, right?
We are not the ones who should have to tell them, “hey, your MongoDB is leaking internal company data to the whole world, you should put a freaking password on it!”. If you ever have to do that, you start to lose trust in the company and in how they handle their customers' security.
Well, I had to do just that this Friday evening to one of Europe's biggest consumer security companies. They have one of their backup servers' MongoDB databases publicly accessible without any password protection or other protection of any form.
I never thought I would send that kind of email to a security company, let alone find their internal company data publicly available for the world to do whatever the world does. Even if it was just for some backups/testing, it's still putting your company (data) at risk.
To sum it all up: if you work at a security company in this day and age, you can't just put private information on the internet and think, “oh, it does not matter because nobody's ever gonna find this”. Oh, they will find it, and as soon as it's public, you can't make it go away again.
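The exposure described above comes down to two mongod settings: which interface the server listens on and whether clients have to authenticate. As an added example (not the original post's configuration and not the affected company's), here is a mongod.conf in the YAML format MongoDB has used since 2.6, with the exposed style of setup commented out beside the corrected one. The file paths are illustrative; the option names are real mongod options.

```yaml
# Added example, not from the original post or the affected company.
# mongod.conf (YAML format, MongoDB 2.6+). Option names are real mongod settings;
# the paths are illustrative.

# --- Exposed setup, the kind the post describes: listens on every interface
# --- with no authentication, so anyone who can reach TCP/27017 can read the data.
# net:
#   port: 27017
#   bindIp: 0.0.0.0
# security:
#   authorization: disabled

# --- Corrected setup ---
net:
  port: 27017
  bindIp: 127.0.0.1        # loopback only; reach it over SSH or a VPN, never directly from the internet
security:
  authorization: enabled   # every client must authenticate; create the admin user before enabling
storage:
  dbPath: /var/lib/mongodb            # illustrative path
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log   # illustrative path
  logAppend: true
```

After restarting mongod, confirm with `ss -ltnp` (or `netstat -ltnp`) that it is listening on 127.0.0.1:27017 only, and keep a host firewall rule blocking 27017 from the outside as a second layer, so a later config change does not silently reopen the database. A backup or test server deserves exactly the same treatment as production: it holds the same data.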
So, today i opened up Thunderbird to see the below email.
Now, doing a Google search on the “Armada Collective” shows it's an empty threat being sent around.
It's basically there to get people who think it's real to pay the 1 bitcoin (around $600 / 540 euro). The bitcoin address is empty, with no activity (at the time of this post).
The ransomware named in the email, “Cerber”, is a new crypto ransomware: it encrypts your files and demands bitcoin to restore access to the encrypted files, hence the “Crypto” in “Crypto Ransomware”.
If it's real, another post will follow to explain what happened.
Let's talk a bit about “Responsible disclosure”, as Wordfence said they practised when they disclosed information about a plugin's use of “cloak linking”.
“Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software often require time and resources to repair their mistakes.”
Always try to contact the developer first, whatever the reason. That is responsible disclosure, and it avoids unneeded problems, loss of customers and/or loss of respect from the customers/users of a given service.
It's time to change. I guess the security scene has changed since I was in it.