HackDig : Dig high-quality web security articles for hacker

Veracode & Marketo – more like Faust & Mephistopheles

2015-07-02 19:25
Veracode & Marketo – more like Faust & Mephistopheles

Posted by on July 1, 2015.

I have news for you: you can’t trust your friends anymore. Some of them are likely to be unwitting marketing pawns first, and friends second.

This is from the Marketo website:

marketowebsite

With those figures it’s fairly obvious that marketing companies will seek to exploit friendships over and above advertising – or put another way, get your friends to endorse their advertising to better sell to you and others. Facebook and Google have both been in trouble over their methods of doing this – but they are not alone.

One company that has annoyed me in the past is Veracode. Last December, we had this exchange:

veracodetweetsall

I objected to being part of Veracode’s advertising campaign.

Jump forward to today. I came across an article discussing a Veracode whitepaper. It seemed to be a bit confused, saying that CISOs should be concerned that the BOD is taking security seriously yet BODs only think about security when there’s a problem. Clearly time to check the source.

As usual, you need to ‘register’ (that is, provide basic information about yourself) before being able download the document. Fair enough – that’s what this whitepaper costs, and I have the option of paying for it or not. But the registration page offers the option of ‘registering’ via a social media account. This is tempting because it is quick and simple, doesn’t require yet another password, and comprises information that you’ve already put on the internet. I chose to register with Twitter: and up popped the following:

marketoauthorizeLook a bit closer. This isn’t a simple ‘register with your Twitter account’. Accepting this quick and simple option is tantamount to allowing Marketo to pwn your Twitter account.

…and follow new people (Marketo and its clients can make me follow other people? Follow their clients presumably.)

Update your profile (Surely you jest? Marketo is now allowed to change who I am?)

Post Tweets for you (So if I had followed through with this, you could very soon see tweets from me extolling the virtues of Marketo clients’ products)

The problem is, we rarely read the conditions on things we sign. So we don’t know how many of our ‘friends’ have already been subverted by Marketo and others like it.

The moral of this story is simple. Don’t automatically believe that it’s your friend endorsing that product. And if you come across Marketo, move along quickly. Frankly, Veracode, I’m ashamed of you: you should remember Faust and Mephistopheles – your short term gain will lead to long term pain.


Source: /selehpotsihpem-tsuaf-ekil-erom-otekram-edocarev/70/5102/ku.oc.ytirucesti

“Veracode & Marketo – more like Faust & Mephistopheles”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud