On Thu, 25 Apr 2019 at 20:17, Doug Barton <do...@dougbarton.us> wrote:
> There are two mindsets that desperately need changing in the tech world:
>
> 1. Do not store data that you don't have a legitimate requirement to store
> 2. Do not store anything even remotely sensitive in the clear

#2 might be quite complex.

There might be all kinds of instrumentation built by people who don't realise or have no easy ability to discriminate what is sensitive data.

Like someone might build really great JVM/Beam/GraalVM instrumentation to monitor for performance regressions and deep analytics; some of the analytic data collected potentially could be sensitive. Or you might have some database where you store all exception traces and core dumps and machine analyse them; those could contain sensitive data. Or you could have analytics on UX, how people interact with the software. Or you could have an internal network tap/sflow with decryption to better understand where network I/O bottlenecks are, or something else that I can't even think of now, but will be obvious after I read about it.

Looking at the late Facebook 'clear text PW', it doesn't read to me like they had user auth data in a database in plain text; it reads to me like they had some debugging on for one specific application, and people using that application to authenticate to Facebook had their PW stored somewhere with other debugging data.

I don't think it's tenable to hope that your sensitive data is being handled as sensitive data, or to assume it is an outlier when it is not. I assume every sufficiently large and old company has my password stored somewhere in clear text right now without them realising it, and they might come public when they realise it in a few years' time.

We're particularly vulnerable when we think it is as simple a problem as a hash in the database and that we would never do something so stupid as store cleartext in the DB.

--
  ++ytti