Quote from: Olneythelonely on May 22, 2024, 08:04:17 AM
Quote from: Weedy on May 22, 2024, 12:31:08 AM
Check here to see if any of your details are 'out there' :- https://haveibeenpwned.com/
That’s what a hacker would ask us to do.

Nearly fell for it just now.

Quote from: Weedy on May 22, 2024, 12:31:08 AM
Check here to see if any of your details are 'out there' :- https://haveibeenpwned.com/

That’s what a hacker would ask us to do.

Check here to see if any of your details are 'out there' :- https://haveibeenpwned.com/
Good job I changed all my online passwords last week from “Athens2024” to “Munich2025”.
I have gone for a new, longer password with a mixture of upper and lower case, a number, and a special character. This will take centuries to crack:
SCORRRRRRrRRRRRRRRRRRRRRRRRRRCHI0OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!

Aston Villa is aware of recent news reports of a publicly accessible AWS S3 bucket which reportedly contains fan data.

First and foremost, Aston Villa takes the privacy and security of its fans’ personal data extremely seriously and is carrying out a full and robust investigation into these reports, led by its Data Protection Officer and supported by the Club’s incident response team.

The Club believes that the reports relate to a vulnerability on one of its service provider’s systems and is working closely with the service provider, who are implementing their own in-depth inquiry.

Aston Villa will continue to communicate any updates from the ongoing investigation in due course but would like to reassure supporters that the Club is seeking a swift and thorough resolution to the matter.
Not sure I agree with that (well actually, I’m totally sure, I don’t agree with it). Bad security is bad security whether it’s in the cloud or a traditional standalone data centre, and web services have to talk to it regardless; there’s nothing intrinsically unsafe about data being in the cloud. It’s still in a data centre. Knowing what the IP address is also makes no difference - the content running in your browser hits a web service somewhere to be able to do anything. It being on AWS or Azure rather than an independent data centre makes zero difference. In fact, I’d argue cloud providers probably provide better baked-in security in their infrastructure than your average business running its own servers in a dark room at the back of their office somewhere.
Quote from: pauliewalnuts on May 21, 2024, 11:13:07 PM
Not sure I agree with that (well actually, I’m totally sure, I don’t agree with it). Bad security is bad security whether it’s in the cloud or a traditional standalone data centre, and web services have to talk to it regardless; there’s nothing intrinsically unsafe about data being in the cloud. It’s still in a data centre. Knowing what the IP address is also makes no difference - the content running in your browser hits a web service somewhere to be able to do anything. It being on AWS or Azure rather than an independent data centre makes zero difference. In fact, I’d argue cloud providers probably provide better baked-in security in their infrastructure than your average business running its own servers in a dark room at the back of their office somewhere.

It is not the cloud provider's specific security I was getting at, just that in the old days when apps were server based and "onsite", the infra teams would/should have set up DMZs which allowed controlled access to the website, and even more controlled access to the data stores behind it. Not unhackable but at least the control was there.
Quote from: Somniloquism on May 24, 2024, 02:47:34 PM
Quote from: pauliewalnuts on May 21, 2024, 11:13:07 PM
Not sure I agree with that (well actually, I’m totally sure, I don’t agree with it). Bad security is bad security whether it’s in the cloud or a traditional standalone data centre, and web services have to talk to it regardless; there’s nothing intrinsically unsafe about data being in the cloud. It’s still in a data centre. Knowing what the IP address is also makes no difference - the content running in your browser hits a web service somewhere to be able to do anything. It being on AWS or Azure rather than an independent data centre makes zero difference. In fact, I’d argue cloud providers probably provide better baked-in security in their infrastructure than your average business running its own servers in a dark room at the back of their office somewhere.
It is not the cloud provider's specific security I was getting at, just that in the old days when apps were server based and "onsite", the infra teams would/should have set up DMZs which allowed controlled access to the website, and even more controlled access to the data stores behind it. Not unhackable but at least the control was there.

We can have a geek-off in another part of the forum if you want, but I'm with Paulie here. On-site vs cloud makes no difference. Those same "infra teams" you called out should still be doing that same work, just in the cloud now or both if hybrid. If companies are cutting corners on that and assuming the cloud provider will do it all for them, then that is on them.
Quote from: astonvilla82 on May 22, 2024, 09:40:29 AM
Quote from: Olneythelonely on May 22, 2024, 08:04:17 AM
Quote from: Weedy on May 22, 2024, 12:31:08 AM
Check here to see if any of your details are 'out there' :- https://haveibeenpwned.com/
That’s what a hacker would ask us to do.
Nearly fell for it just now.

Feel free to do your own checks but I’ve used it before (with startling results) and did again. I’ve seen some reviews which argue they could make the way email addresses are submitted a bit more secure, and it’s not the only such service, but generally there seems to be a sense it’s a useful tool. I’d be happy if those clearly more ITK could give a more confident assessment. One review pointed out that if you are taking the time to check if you are exposed, you should be taking the time to use different passwords on every app/website.
The original article about this on the OS has been updated. The club has been informed by the service provider that no password or payment data has been compromised.