![]() They’re also potentially accessible to those making use of the premium features. In some cases, the documents being uploaded were confidential and should not have made their way to the VirusTotal service.Īs we said at the time, files uploaded are not only shared with the 70 or so security vendors making up the bulk of the visible scanning service. This translates as the Federal Office for Security in Information Technology. In March of last year, semi-automated uploads to VirusTotal were flagged by the German Bundesamt für Sicherheit in der Informationstechnik (BSI). Accidents of this nature tend to come about because folks making use of the service don’t quite realise the way data is used once submitted. You may also sometimes see VirusTotal pages linked directly from security blogs such as our own. The results are often findable online via search engine, or hunting for specific file characteristics while on the VirusTotal website. After all, what use is an email address if you can’t email people?Īs for VirusTotal itself, submitted files can be shared and analysed via the security organisations tied to the scanning service. Someone genuinely determined to pull up a name or email address can usually do it by checking relevant websites or simply asking around. While there is some element of risk here, it’s important not to get carried away. This is of course good news, and much better than everyone running around yelling that the sky is falling. ![]() The UK’s Ministry of Defence told The Record that they consider the data to be non-sensitive, and also low risk. Commentary from some of the impacted organisations suggest this isn’t that big of a deal. The file was removed by VirusTotal within an hour of it being uploaded. There are full names tied to emails from the Ministry of Defence, Pensions Regulator, and the Cabinet Office, among others. Sadly the emails listed are not entirely anonymous. Meanwhile, the UK tally includes “a dozen Ministry of Defence personnel”, and emails tied to CERT-UK/National Cyber Security Centre, a part of the UK’s Government Communications Headquarters (GCHQ). The Record cites individuals affiliated with the NSA, FBI, Pentagon, and other US military service branches. The list makes up roughly 5,600 of the site’s customers, and identities multiple security-centric entities. The service, used to scan files for signs of potential malicious activity, is used by security professionals and folks just interested in the files making their way to their systems. A document accidentally uploaded to Google’s VirusTotal service has resulted in the potential exposure of defence and intelligence agency names and email addresses.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |