The popular content pasting platform (specifically used for pasting codes) Pastebin has recently announced two new security features. These are the “Burn After Read” and “Password Protected Pastes” options. The service believes that these features will enhance site security.
Pastebin Launch “Burn After Read” and “Password Protected Pastes”
In a recent tweet, Pastebin has announced the launch of two security features that will supposedly protect the pastes.
As evident, the features will seemingly protect how the pastes appear to others. And also give control to the authors to protect their pastes.
The “Burn after read” is a dropdown feature under the “Paste Expiration” option. Selecting this option will make the pastes expire after a single read. Otherwise, users can choose the time after which they want the paste to expire. In case a user misses to choose the option from the dropdown, Pastebin also offers it as a single checkmark feature.
Whereas, the “Password Protected Pastes” feature provides one more option in the Optional Settings. Here, the user can check the box appearing in front of the “Password” option. Doing so will enable the feature right away with a random preset password. The user can either proceed with it or type another password.
Here’s how the new features look like.
Skepticism Surrounds The New Security Features
Although, the new security features seem to improve the security of pastes. However, people are also skeptical about the potential exploitation of these features by the threat actors.
Their main concern is that these features will let the criminals exploit the site for sharing malware. They have clearly expressed their thoughts about the new options in response to Pastebin’s tweet.
You are aware that doing this will enable threat actors to use your service to an even greater extend?
— Sami Tainio (@SamiTainio) September 25, 2020
Will be tons of C2 ideas and RATs based on this 🤣🤣
— Mohamed A. Basset (@SymbianSyMoh) September 27, 2020
So you guys lost alot of traffic because of the api scraping. So to boost traffic let’s ensure every malware author hosts their payloads with one time use or password protection.
— Joshua Whitaker (@_Stahlz) September 25, 2020
Though, some users argue that these features aren’t unique to Pastebin. Rather their competitors also implement similar things. So, Pastebin shouldn’t be blamed.
its pretty crazy from the #infosec POV, but these are features that are available on their competitor sites.
is there a particular reason why its worse for @pastebin to do this than someone else?
i guess i dont understand how this changes things pic.twitter.com/8KvVm308PX
— 🗳📬 a travesty in 9 parts 📬🗳 (@travofoz) September 26, 2020
Sorry to tell you this, buy you are many years late with that. PrivateBin (old name was ZeroBin) does it for a long time already: https://t.co/LYjIhK8Yt9
It even encrypts pastes 😉
— six (@51×39) September 26, 2020
Let’s see how useful or dangerous these features turn out to be in the coming days.
What do you think about these changes in Pastebin? Do share your thoughts with us.