The Pastebin attacks

Not understanding a tool has costs

Using internet-based services to save work and money is a staple of the new economy. However, it should go without saying that one needs to understand a tool before attempting to use it. Just as tragedy is likely for someone using a chainsaw with little respect or understanding, some free internet tools come with large risks. Pastebin is a tool similar to the chainsaw.

The security press highlights hacks using pastebin

Orvis leaks internal passwords – Krebs

The Pastebin hack is not particularly new; back in June, Krebs highlighted its use.

Pastebin is a great tool for Cyber Criminals

Several security sites are now posting stories of hacks attributed to Pastebin usage. Pastebin.com and similar sites make it easy to send text between users for use at their workstations: one copies and pastes text to the service, the service provides a link to the pasted text, and one then sends that URL to colleagues for them to use. This is very helpful but not very secure. What you paste to Pastebin is publicly accessible. Even pastes made with the encrypted versions of Pastebin have significant security flaws.

Sharing passwords is something we have to do because of the realities of account creation and management for modern business life. Sharing passwords is hard to do securely and is best done using specialized tools. It is terrible that we have to add another layer of friction on top of good password management, especially so because so many find password management hard and will not embrace it as a core professional responsibility.

Password managers are the best easy way to share passwords with colleagues. This presents problems when an organization does not adopt a single password management solution. A phone call to tell your colleague the password is probably best if you don’t have the specialized tools at your fingertips. One caveat, though: the password will very likely be written down during the conversation, and that note can represent a security hole. Make sure everyone understands the importance of destroying the note and/or changing the password shortly after sharing it.
