This article discusses how security researcher Chris Vickery signed a partnership with the (notoriously questionable) anti-virus software firm MacKeeper. Vickery discovered an openly available database of MacKeeper’s users online, as well as several other databases. He will now lead the Analytical and Security Center and head the Security Watch blog.
These databases are not simply databases on the Internet that happen to be hidden from the public. Rather, they are inappropriately leaked, sometimes by human error, sometimes on purpose.
There are several issues with these wrongly available databases. Most importantly, the databases most commonly leaked contain personal information about customers that was intended to be kept confidential. Worse yet, many companies have established programs that make searching this released data easy: easy to find specific names and potentially steal information and ruin an individual’s reputation (à la the infamous Ashley Madison leak). Further, a company’s image is often tainted after its data is leaked. Customers have a hard time trusting the company, as they assume the company’s security to be insufficient. In these ways, private data can have ruinous results if made public.
Vickery made a point of advising Information Technology staff. He said that there is a simple test IT employees can use to determine whether a database is freely accessible: employees should try to access the IP addresses and servers they use from their personal computers outside of the office. Vickery explained that if an IT employee can reach the database from his or her personal computer, then anyone in the world can access the database. Vickery noted that this simple process was the downfall of most of the databases he found; many employees were careless enough to pass over this crucial yet effortless detail.
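One way to run the outside-the-office check described above, as an added example (not code from the article or from Vickery): a Python script that, run from a personal machine on an outside network, attempts a plain TCP connection to each of your own database hosts. The host name, the port list (common vendor defaults) and the function names are assumptions; the demo uses a constructed local listener so it runs offline.

```python
import socket

# Assumption: default ports of common database services; adjust to your stack.
DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis",
            9200: "Elasticsearch", 27017: "MongoDB"}

def is_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, DNS failure
        return False

def audit(hosts, ports=DB_PORTS, timeout=3.0):
    """Return (host, port, service) for every database port reachable from here."""
    return sorted((host, port, service)
                  for host in hosts
                  for port, service in ports.items()
                  if is_reachable(host, port, timeout))

def demo():
    """Constructed offline demo: a local listener stands in for an exposed database."""
    exposed = socket.socket()
    exposed.bind(("127.0.0.1", 0))
    exposed.listen(1)
    closed = socket.socket()  # bound but not listening: connections are refused
    closed.bind(("127.0.0.1", 0))
    open_port = exposed.getsockname()[1]
    closed_port = closed.getsockname()[1]
    try:
        found = audit(["127.0.0.1"],
                      {open_port: "demo-exposed", closed_port: "demo-closed"},
                      timeout=1.0)
    finally:
        exposed.close()
        closed.close()
    return found, open_port

if __name__ == "__main__":
    # Hypothetical host name: replace with the servers you administer.
    for host, port, service in audit(["db.example.internal"]):
        print(f"REACHABLE from this network: {host}:{port} ({service})")
```

A hit means only that the port answers from outside; restrict it with a firewall rule or bind address, and confirm that the service requires authentication.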
MacKeeper has formed plans to strengthen its security so as to be better defended against potential database leaks. The firm intends to focus on auditing the security software, examining and verifying that the software is being used at its maximum potential without any errors. In addition, MacKeeper will be fully utilizing its partnership with Chris Vickery. Vickery, known for discovering wrongly published databases and delivering news of hacks and data breaches, will maintain MacKeeper’s Security Watch blog, where he will provide advice on security and new vulnerabilities so as to further protect the information of firms and the public.
I wish this article provided more information about how Chris Vickery located MacKeeper’s openly available database – did he use a program, and if so, which one did he use? I am also interested in who assembles and publishes these databases to the Internet (I later found the answers to these questions in this article: http://www.digitaltrends.com/computing/database-13-million-mackeeper-users-easily-accessed-online/).