this post was submitted on 28 Jan 2025
131 points (99.2% liked)

[–] [email protected] 12 points 3 days ago (4 children)

Just one more of a million massive breaches within the last 10 years. No real consequences, I’m sure.

At this point, I think it’s safe to say that no individual person’s personal data hasn’t been caught in one of these breaches (unless they were born very recently). That’s not even mentioning the hundreds of vendors who I no longer work with but still have my sensitive data on their systems.

I heard an idea a few years ago that I found interesting: each person has their private data hosted on a secure data hub. If a vendor needs some of that data (ex: FirstName, LastName, Email) for their system, they have to make a request to your hub for it, which you then have to approve. Each time a vendor system needs that data, they make a callout to your hub. As long as they have an active approval, the callout would succeed for the fields they’ve been authorized. You can then revoke that request whenever you’d like.

I like the idea of having a running list of vendors who have access to your data and being able to revoke that data. However, it would also create a single location (your data hub) that could be breached and be a higher value target than any of the particular vendors.

Trade-offs.

[–] [email protected] 2 points 3 days ago (2 children)

Sounds similar to OpenID Connect for authentication: the service requests scopes, which pull varying info, and the user can be shown a consent screen with what data is being requested for approval.

I'd like a similar model for data sharing, though you will need privacy laws since you can revoke access in this case, but currently there would be nothing preventing storing your data at the time elsewhere or sharing it.

[–] [email protected] 1 points 2 days ago (1 children)

Yeah, that’s the downside with data like this, nothing prevents copying it. You’d need fines to help enforce it (which, as we’ve seen from this exact article, aren’t an effective deterrent).

[–] [email protected] 2 points 2 days ago

Fines would have to be something crazy like TikTok ban $5000 per user type of deal.
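The data-hub idea from the top comment of this thread (per-vendor, per-field approvals checked on every callout, with revocation and a running list of vendors), as an added example that is not part of any comment here and not an existing product's API. The class, method and field names are hypothetical, and the profile values are constructed.

```python
from dataclasses import dataclass, field

# Hypothetical sketch: every name here is illustrative, not a real service's API.
@dataclass
class DataHub:
    profile: dict                                # the owner's private fields
    grants: dict = field(default_factory=dict)   # vendor -> approved field set
    pending: dict = field(default_factory=dict)  # vendor -> requested field set
    audit: list = field(default_factory=list)    # (vendor, event, fields)

    def request_access(self, vendor, fields):
        """Vendor asks for fields; nothing is readable until the owner approves."""
        unknown = set(fields) - set(self.profile)
        if unknown:
            raise KeyError(f"unknown fields: {sorted(unknown)}")
        self.pending[vendor] = set(fields)
        self.audit.append((vendor, "requested", sorted(fields)))

    def approve(self, vendor, fields=None):
        """Owner approves everything requested, or only a subset of it."""
        requested = self.pending.pop(vendor)
        approved = requested if fields is None else requested & set(fields)
        self.grants[vendor] = approved
        self.audit.append((vendor, "approved", sorted(approved)))

    def revoke(self, vendor):
        """Stops future callouts; it cannot recall copies the vendor already made."""
        self.grants.pop(vendor, None)
        self.audit.append((vendor, "revoked", []))

    def callout(self, vendor, fields):
        """Each read is checked against the active grant; any excess field denies all."""
        allowed = self.grants.get(vendor, set())
        excess = set(fields) - allowed
        if excess:
            self.audit.append((vendor, "denied", sorted(fields)))
            raise PermissionError(f"{vendor} not authorized for {sorted(excess)}")
        self.audit.append((vendor, "read", sorted(fields)))
        return {name: self.profile[name] for name in fields}

    def vendors_with_access(self):
        """The running list of vendors that currently hold an approval."""
        return {v: sorted(f) for v, f in self.grants.items() if f}
```

The `audit` list records each read and denial, so the owner can see which vendor pulled which fields before deciding to revoke.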
