Rich Kulawiec on 7 Jan 2017 04:43:31 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] XKCD: Team Chat


On Fri, Jan 06, 2017 at 03:34:31PM -0500, Greg Helledy wrote:
> Basically, it's a way to get you to turn over all your company's internal
> communications and data to the people behind the Slack site?

And to anyone who hacks their site.  (The larger they become, the more
attractive target they'll become.  The more attractive the target they
become, the more resources will be available to attack them.  Why hack the
communications/data of one company when you can hack 492 at once?)

And to anyone who acquires a dump of all the data from an insider.
(If they have N staff with access to that data, then you are betting
that N out of N of them can't be bought or blackmailed or seduced or
tricked or anything else.  You have to win that bet N times.  You have
to continue to win it N times as N gets larger.  An attacker only has to
win once.)

It is of course the prerogative of all companies to decide to do
something this incredibly careless, if they wish.  But given that this
is an obviously horrible idea, I wouldn't want to be in the position of
defending such a decision in court (after our users'/customers' private
information was compromised as a result) or in a board meeting (after
our internal information was sold to the highest bidder).

---rsk

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug