This specific type of vulnerability would not be found in mainstream social media sites such as Facebook or Twitter. We call this an insecure direct object reference, or IDOR: the Parler posts were listed one after another, so if you just add “1” to the URL, you could then scrape the next post, and so on. This is a fundamental security vulnerability. ordered their posts by number in the URL itself, so anyone with any programming knowledge could just download all of the public content.

How was it possible to download so much data from Parler?

Folks were able to download and archive the majority of Parler’s content.

We’re the people who are trying to keep you safe.” To that end, Tobac also explained how even tame posts on mainstream social media sites could reveal more personal information than many users expect - and how they can protect themselves. “In the hacker community, we’re trying to help people understand that hackers are helpers. “The people that most people are talking about when they think of a hacker, those are criminals,” she says.

To learn more about this issue, Scientific American spoke with Rachel Tobac, an ethical hacker and CEO of SocialProof Security, an organization that helps companies spot potential vulnerabilities to cyberattacks. And vulnerabilities that are legitimately used by investigators can be just as easily exploited by bad actors. Although many of those studying the Parler data are law enforcement officials looking into the Capitol insurrection, the situation provides a vivid example of the way social media posts - whether extreme or innocuous - can inadvertently reveal much more information than intended. Scientific American repeatedly e-mailed Parler’s media team for comment but had not received a response at the time of publication.

Amateur and federal investigators can extract a lot of information from this massive trove, including the locations and identities of Parler users.
One researcher, who publicly identifies herself only by the Twitter handle led an effort that she claims downloaded and archived more than 99 percent of all data posted to Parler before Amazon Web Services stopped hosting the platform. But Internet sleuths had already begun downloading the potentially incriminating material. Once they realized this documentation could get them in trouble, many started deleting their posts. The platforms they used ranged from mainstream sites such as Facebook to niche ones such as Parler - a social networking service popular with right-wing groups. During the January 6 assault on the Capitol Building in Washington, D.C., rioters posted photographs and videos of their rampage on social media.