Is Your Google Groups Leaking Data?



  • Google is reminding organizations to review how much of theirGoogle Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who:undefined:’:undefined:ve been busy cataloging thousands of companies that are using public Google Groups lists to manage customer support and in some cases sensitive internal communications.

    Google Groups is a service from Google that provides discussion groups for people sharing common interests. Because of the organic way Google Groups tend to grow as more people are added to projects :undefined:—:undefined: and perhaps given the ability to create public accounts on otherwise private groups :undefined:—:undefined: a number of organizations with household names are leaking sensitive data in their message lists.

    Many Google Groups leak emails that should probably not be public but are nevertheless searchable on Google, including personal information such as passwords and financial data, and in many cases comprehensive lists of company employee names, addresses and emails.

    By default, Google Groups are set to private. But Google acknowledges that there have been :undefined:“:undefined:a small number of instances where customers have accidentally shared sensitive information as a result of misconfigured Google Groups privacy settings.:undefined:”:undefined:

    In early May, KrebsOnSecurity heard from two researchers atKenna Security who started combing through Google Groups for sensitive data. They found thousands of organizations that seem to be inadvertently leaking internal or customer information.

    The researchers saythey discovered more than 9,600 organizations with public Google Groups settings, and estimate that about one-third of those organizations are currently leaking some form of sensitive email. Those affected include Fortune 500 companies, hospitals, universities and colleges, newspapers and television stations and U.S. government agencies.

    In most cases, to find sensitive messages it:undefined:’:undefined:s enough to load the company:undefined:’:undefined:s public Google Groups page and start typing in key search terms, such as :undefined:“:undefined:password,:undefined:”:undefined: :undefined:“:undefined:account,:undefined:”:undefined: :undefined:“:undefined:hr,:undefined:”:undefined: :undefined:“:undefined:accounting,:undefined:”:undefined: :undefined:“:undefined:username:undefined:”:undefined: and :undefined:“:undefined:http::undefined:”:undefined:.

    Many organizations seem to have used Google Groups to index customer support emails, which can contain all kinds of personal information :undefined:—:undefined: particularly in cases where one employee is emailing another.

    Here are just a few of their more eyebrow-raising finds:

    :undefined:•:undefined: Re: Document(s) for Review for Customer [REDACTED]. Group: Accounts Payable
    :undefined:•:undefined: Re: URGENT: Past Due Invoice. Group: Accounts Payable
    :undefined:•:undefined: Fw: Password Recovery. Group: Support
    :undefined:•:undefined: GitHub credentials. Group: [REDACTED]
    :undefined:•:undefined: Sandbox: Finish resetting your Salesforce password. Group: [REDACTED]
    :undefined:•:undefined: RE: [REDACTED] Suspension Documents. Group: Risk and Fraud Management

    Apart from exposing personal and financial data, misconfigured Google Groups accounts sometimes publicly index a tremendous amount of information about the organization itself, including links to employee manuals, staffing schedules, reports about outages and application bugs, as well as other internal resources.

    This information could be a potential gold mine for hackers seeking to conduct so-called :undefined:“:undefined:spearphishing:undefined:”:undefined: attacks that single out specific employees at a targeted organization. Such information also would be useful for criminals who specialize in :undefined:“:undefined:business email compromise:undefined:”:undefined: (BEC) or :undefined:“:undefined:CEO fraud:undefined:”:undefined: schemes, in which thieves spoof emails from top executives to folks in finance asking for large sums of money to be wired to a third-party account in another country.

    :undefined:“:undefined:The possible implications include spearphishing, account takeover, and a wide variety of case-specific fraud and abuse,:undefined:”:undefined: the Kenna Security team wrote.

    Inits own blog post on the topic, Google said organizations using Google Groups should carefully consider whether to change the access to groups from :undefined:“:undefined:private:undefined:”:undefined: to :undefined:“:undefined:public:undefined:”:undefined: on the Internet. The company stresses that public groups have the marker :undefined:“:undefined:shared publicly:undefined:”:undefined: right at the top, next to the group name.

    :undefined:“:undefined:If you give your users the ability to create public groups, you can always change the domain-level setting back to private,:undefined:”:undefined: Google said. :undefined:“:undefined:This will prevent anyone outside of your company from accessing any of your groups, including any groups previously set to public by your users.:undefined:”:undefined:

    If your organization is using Google Groups mailing lists, please take a moment to readGoogle:undefined:’:undefined:s blog post about how to check for oversharing.

    Also, unless you require some groups to be available to external users, it might be a good idea to turn your domain-level Google Group settings to default :undefined:“:undefined:private,:undefined:”:undefined: Kenna Security advises.

    :undefined:“:undefined:This will prevent new groups from being shared to anonymous users,:undefined:”:undefined: the researchers wrote. :undefined:“:undefined:Secondly, check the settings of individual groups to ensure that they:undefined:’:undefined:re configured as expected. To determine if external parties have accessed information, Google Groups provides a feature that counts the number of :undefined:‘:undefined:views:undefined:’:undefined: for a specific thread. In almost all sampled cases, this count is currently at zero for affected organizations, indicating that neither malicious nor regular users are utilizing the interface.:undefined:”:undefined:

    https://krebsonsecurity.com/2018/06/is-your-google-groups-leaking-data/





  • Make ISO from DVD

    In this case I had an OS install disk which was required to be on a virtual node with no optical drive, so I needed to transfer an image to the server to create a VM

    Find out which device the DVD is:

    lsblk

    Output:

    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 465.8G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 464.8G 0 part ├─centos-root 253:0 0 50G 0 lvm / ├─centos-swap 253:1 0 11.8G 0 lvm [SWAP] └─centos-home 253:2 0 403G 0 lvm /home sdb 8:16 1 14.5G 0 disk /mnt sr0 11:0 1 4.1G 0 rom /run/media/rick/CCSA_X64FRE_EN-US_DV5

    Therefore /dev/sr0 is the location , or disk to be made into an ISO

    I prefer simplicity, and sometimes deal with the fallout after the fact, however Ive repeated this countless times with success.

    dd if=/dev/sr0 of=win10.iso

    Where if=Input file and of=output file

    I chill out and do something else while the image is being copied/created, and the final output:

    8555456+0 records in 8555456+0 records out 4380393472 bytes (4.4 GB) copied, 331.937 s, 13.2 MB/s

    Fin!

    read more
  • Recreate postrgresql database template encode to ASCII

    UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';

    Now we can drop it:

    DROP DATABASE template1;

    Create database from template0, with a new default encoding:

    CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE'; UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1'; \c template1 VACUUM FREEZE;

    read more
});