The GiveSendGo Data Leak
Episode 09: Show Notes
As you are probably aware, earlier this year a convoy of truckers made the news for protesting COVID mandates and vaccinations in Canada. Part of the convoy was raising money through GoFundMe to support these protests. After the site shut them down, they moved their fundraising efforts to the religious-based fundraising site GiveSendGo. It wasn’t long before a security researcher examined the site’s code and stumbled upon most or all of the major files and private data used by the website, all publicly accessible on the internet. Today we discuss how this mistake was made, what S3 buckets are supposed to be used for, and how the website’s HTML source has been updated since the vulnerability was discovered. To discover the dangers of failing to reorient your mindset to optimize for the cloud, to learn more about the skills we need when engaging with the cloud, and to hear our best practices for ensuring that you never make a mistake like this, tune in today!
Key Points From This Episode:
Tweetables:
“Understand what your business purpose is: what data are you collecting, what data are you storing, what data are you retrieving, what obligations does that data impose upon you?” — Jon Gallagher [0:26:19]
“Think of some of these cloud tools as chainsaws: They’re incredibly powerful but you need to be safe with them. You can get a lot done with them if you are trained to use it and if it’s in the right hands” — Logan Gallagher [0:28:49]
Links Mentioned in Today’s Episode: