The real learning is that lots of people don't know what they're logging. Logs are dangerous, and you should regularly check they don't contain anything you wouldn't want made public
A "no logging" VPN service had millions of user logs exposed on an open Elasticsearch server, including plaintext passwords, geo, & IPs and took 2+ weeks to close after being notified. Lesson: Commercial VPN services lie. A lot.
Kenn White (@kennwhite)Thu, 16 Jul 2020 16:29 UTC
This post was filed under reposts.