Budget hotel chain, UK political party, Monzo Bank, Patreon caught in Typeform database hack

More entities affected by the computer security breach at web form and survey company Typeform have come forward, including budget hotel chain Travelodge and UK political party the Liberal Democrats. The survey-as-a-service biz discovered on 27 June that an intruder had accessed files from a "partial backup" dated 3 May …

  1. Roger Greenwood

    Dates of birth

    I have several of these. 1/1/70 being a favourite.

    1. Anonymous Coward

      Re: Dates of birth

      That got me wondering whether someone has ever crashed or exploited a system solely by use of the date field - or rather, by how it would be converted into a timestamp. (#)

      If nothing else, there must be the potential for overflow in there somewhere; for example, you might not be allowed a future date, but perhaps Little Bobby Tables is older than he looks and was born some time before 1901...

      (#) Pretty sure *someone* must have at some point, I'm just too lazy^w busy to look it up just now.

      1. Dan 55 Silver badge

        Re: Dates of birth

        You could set that very date on an iPhone 5 or something and it would get stuck in a boot loop.

    2. CraPo

      Re: Dates of birth

      I favour 1/4/69

      1. Anonymous Coward

        Re: Dates of birth @ CraPo

        > I favour 1/4/69

        You must be very flexible.

      2. DwarfPants

        Re: Dates of birth

        Surely you need 2/4/69

      3. Anonymous Coward

        Re: Dates of birth

        1/3/37

        Or for the younger option -

        2/4/71

    3. ibmalone

      Re: Dates of birth

      Why some companies think they need your date of birth to sell you mince pies remains a mystery. Then again, why knowing it is regarded as proof of somebody's identity when most people's can easily be found through social media is possibly an even greater mystery.

      1. VinceH

        Re: Dates of birth

        "Why some companies think they need your date of birth to sell you mince pies remains a mystery."

        Quite - which is why whenever a site/form/whatever asks for my DoB, if I don't think they really need it I give them a false one and add it to the data in my password database in case they ever try to use it as some kind of security bollocks.

        (I've tried to make myself ludicrously old a couple of times, but the sites I tried that on wouldn't accept that I could possibly be over five hundred years old.)

    4. Anonymous Coward

      Re: Dates of birth

      I always use the 1st of April

      1. John Brown (no body) Silver badge

        Re: Dates of birth

        Try Feb'29 but with a non-leap year :-)

    5. Anonymous Coward Silver badge
      Paris Hilton

      Re: Dates of birth

      > 1/1/70 being a favourite

      Is that in US or UK format?
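The date-of-birth cases raised in this thread (a birth date before 1901, 29 February in a non-leap year, an implausibly old year) can be checked before any timestamp conversion. This is an added example, not code from the article or from any commenter; the function and enum names are hypothetical, and it assumes the field is stored as a signed 32-bit Unix timestamp at midnight UTC.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for the hypothetical validator below. */
enum dob_status { DOB_OK, DOB_BAD_DATE, DOB_OUT_OF_RANGE };

static bool is_leap(int y) {
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

/* Reject impossible calendar dates such as 29 Feb in a non-leap year. */
static bool valid_civil(int y, int m, int d) {
    static const int mdays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    if (y < 1 || y > 9999 || m < 1 || m > 12 || d < 1) return false;
    return d <= mdays[m - 1] + ((m == 2 && is_leap(y)) ? 1 : 0);
}

/* Days since 1970-01-01 in the proleptic Gregorian calendar, in 64-bit math
 * so that early dates cannot wrap during the calculation itself. */
static int64_t days_from_civil(int y, int m, int d) {
    y -= m <= 2;                       /* count the year from 1 March */
    int64_t era = y / 400;             /* y >= 0 after valid_civil() */
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Store the date as a signed 32-bit timestamp only if it fits; otherwise
 * report why, instead of silently truncating or wrapping the value. */
enum dob_status dob_to_time32(int y, int m, int d, int32_t *out) {
    if (!valid_civil(y, m, d)) return DOB_BAD_DATE;
    int64_t secs = days_from_civil(y, m, d) * 86400;
    if (secs < INT32_MIN || secs > INT32_MAX) return DOB_OUT_OF_RANGE;
    *out = (int32_t)secs;
    return DOB_OK;
}

int main(void) {
    int32_t t = 0;
    /* Constructed inputs: the epoch, a pre-1901 date, 29 Feb 1900. */
    printf("%d %d %d\n", dob_to_time32(1970, 1, 1, &t),
           dob_to_time32(1900, 1, 1, &t), dob_to_time32(1900, 2, 29, &t));
    return 0;
}
```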

  2. Warm Braw

    We take the security of our data seriously...

    ... but not sufficiently seriously that we had second thoughts about using a third party over whom we have little effective control to process it for us.

    It's almost impossible to buy goods or services these days without being harried to provide feedback, a lot of which is actually collected by marketing and PR companies or technically outsourced. I'm sure this is just the tip of an iceberg.

    When a business wishes to "engage" with you, it's usually a good idea just to say "no" - very little benefit is going to come your way...

    1. Anonymous Coward

      Re: We take the security of our data seriously...

      I've always been very skeptical about any of these SaaS companies, especially as most of them are based in the USA, with its virtually non-existent Data Protection laws, and we only have their word that the data for each of the customers (Data Controllers) for whom they are acting as a Data Processor are kept entirely separate and that they can't murkily data-mine within their entire gold seam of data for dubious purposes and cross-reference the data held by different clients.

      Having said that, data security is quite hard to get right (not that there should be any excuse for getting it wrong: if you are working in this field, the onus is most definitely on you to learn and follow best practices), but it's very disheartening to hear that a company for whom securely storing personal data is their whole business is really no better at it than One Teenager and a Dog Kewl Web Designz, Ltd...

      1. Tom Paine

        Re: We take the security of our data seriously...

        Non-existent data protection laws? You're behind the times dear heart - they have well over fifty; a minimum of one per state, plus Federal laws. IIRC the shortest mandatory disclosure period is 28 days (Iowa, is it? Can't remember) but there's a straightforward lowest-one-wins effect for companies likely to conduct business in every state. For the ones that also operate in the EU, it'd be much simpler to just bite the bullet and go full 72 hours -- unless they're Facebook of course.

    2. Robert Helpmann??
      Big Brother

      Re: We take the security of our data seriously...

      It's almost impossible to buy goods or services these days without being harried to provide feedback... I'm sure this is just the tip of an iceberg.

      Every time you are asked for your information in response to making a purchase or visiting a web site, say "It's just the tip!" to generate an accurate mental image of what is going on.

    3. John Brown (no body) Silver badge

      Re: We take the security of our data seriously...

      "It's almost impossible to buy goods or services these days without being harried to provide feedback, a lot of which is actually collected by marketing and PR companies or technically outsourced. I'm sure this is just the tip of an iceberg."

      I'm not sure it's just cheaping out by the site owners or if the stuff they need to use is either not available or prohibitively expensive to just buy and host. The same applies to scripts and fonts. Why would a site need to access sometimes many 10's of 3rd parties just to display its own pages? It seems few companies, no matter how big, have proper web or other devs any more. Pretty much all web pages are little more than a number of black boxes plugged together in the hope that it will work and no one actually knows how the whole site works. Websites As A Service.

      1. Tom Paine

        Re: We take the security of our data seriously...

        Why would a site need to access sometimes many 10's of 3rd parties just to display its own pages?

        So they get paid, of course.

        Some of them get paid more equally than others, of course. ("Have you heard? There's a natural order...")

      2. brym

        Re: We take the security of our data seriously...

        All day long, this! Even if it means reinventing the wheel, I try wherever possible with my sites to develop it myself and avoid using libraries. I'm not prepared to rush out features or capabilities simply because somebody else has already done it or it's trendy.

  3. Aladdin Sane
    Flame

    Phishing attacks to commence

    in 3...2...1...

  4. Pascal Monett Silver badge
    Thumb Down

    Patreon ?

    So that's SciShow users that are impacted also, as well as PBS Eons.

    Congratulations on undermining confidence in some of the rare YouTube channels that educate people about science.

  5. Anonymous Coward

    We take the security of our data seriously.

    We will always say we take the security of our data seriously.

    FTFY

    On a serious scale of clowns to brexit I rate them clowns.

  6. Blockchain commentard

    Why does a 3rd party survey service need mobile numbers let alone date of birth? Oh yeah, they're doing a survey on data mining.

    1. Tom Paine
      FAIL

      Side note here on the pestilential trend for everyone and their dog to launch "apps" rather than websites. Flash breaking news - 98% of apps are just websites that would like to steal more of your data than a page in your web browser can.

  7. adam payne

    We take the security of our data seriously

    Isn't that in every breach statement nowadays? Don't know why, because no one believes it any more.

  8. Flywheel

    Interesting...

    I'm registered with Travelodge but haven't received an email from them (so far) but I've changed my password this morning.

    There's no mention of the breach on either Travelodge's or Typeform's web sites. If you have the tspprs pi-hole list it blocks 6 typeform.com subdomains.

  9. DwarfPants
    Childcatcher

    If you google TypeForm

    You get the tag line "Typeform: Turn data collection into an experience"

    Possibly one where you need to visit a clinic in the near future

  10. The Nazz

    Billing.

    "While we have not been made aware of any fraudulent use to date, it is possible that you could receive unwanted contact and your details may be used to find out more about you," it added. "You should therefore remain vigilant for any unusual activity."

    I normally charge out at £40 per hour but for you, I'll charge a beneficial rate of only £10 per hour. Of course, that's 24/7 vigilance so if you'll just send me the necessary info for billing and the first week's payment, and weekly thereafter, in advance that'd be great, thanks.

    On the bright side, at least the Lib Dem breach didn't affect any sizeable number of people.

    1. Tom Paine

      Re: Billing.

      > On the bright side, at least the Lib Dem breach didn't affect any sizeable number of people.

      Heyyyyy... Don't knock it til you've tried it! We've got >100,000 members - more than the Tories or UKIP, dash it all -- and we're growing faster than Labour. (Not that there's much chance of a Corbynoid army of enraged middle classes taking to the streets and demanding the abolition of capitalism, but some might say that's a good thing rather than a bad.) Anyway, my membership card shows a pair of pasty white knobbly knees and shins clad in yellow socks and shod with 70s style sandals. What other party would take the piss out of themselves like that?

      1. Aladdin Sane

        Re: Billing.

        Official Monster Raving Loony Party.

  11. cosymart
    Alien

    Travelodge

    Which Travelodge? I believe the UK & USA companies are different entities. Amusing fact, the UK Travelodge are based in Sleepy Hollow, Oxfordshire :-)

  12. csecguy44

    The clue is in the statement

    We take the security of our data seriously - but this was technically your data

  13. dnicholas
    Facepalm

    This is why I only give my real name, date of birth and contact details to entities who really need them.

    1/1/1950 here too, and use a "pornstar" name as well

  14. chas49

    Your data will not be passed on to any 3rd party

    I just received an email from Argos asking me to do a survey because I just bought something from them.

    The email contained the above statement. So I thought I would at least look at the survey.

    It was hosted on survey.foreseeresults(dot)com

    (Yes I know it's not Typeform, but you would think they would at least know not to make misleading statements like that)

  15. Roj Blake Silver badge

    Liberal Democrats

    The Lib Dems must be really worried about losing the data of both of their supporters.

  16. KHobbits

    Phrasing?

    > Startup bank Monzo, which was caught up in the Ticketmaster hack

    I thought Monzo was the company that informed Ticketmaster that Ticketmaster (or one of their third parties) had been breached, and in no way more caught up in it than any other bank...
