Security News > 2022 > November > Public URL scanning tools – when security leads to insecurity

Public URL scanning tools – when security leads to insecurity
2022-11-07 19:59

Well-known cybersecurity researcher Fabian Bräunlein has featured not once but twice before on Naked Security for his work in researching the pros and cons of Apple's AirTag products.

Now, Bräunlein is back with another worthwhile warning, this time about the danger of cloud-based security lookup services that give you a free opinion about cybersecurity data you may have collected.

Many Naked Security readers will be familiar with services such as Google's Virus Total, where you can upload suspicious files to see what static virus scanning tools make of it.

Worse still, Bräunlein realised that many third-party security tools, both commerical and open source, perfom automated URL lookups via urlscan.io if so configured.

In other words, you might be making your security situation worse while trying to make it better, by inadvertently authorising your security software to give away personally identifiable information in its online security lookups.

To users of online security scanning services: If in doubt/Don't give it out.


News URL

https://nakedsecurity.sophos.com/2022/11/07/public-url-scanning-tools-when-security-leads-to-insecurity/