Rich Kulawiec on 7 Jun 2017 04:55:49 -0700
Re: [PLUG] Password manager OneLogin hacked
On Fri, Jun 02, 2017 at 10:33:48AM -0400, Rich Freeman wrote:
> > Of course we only know about the hacks that operators care to report,
> > which is a subset of the set they know about, which is a subset of the set
> > their employees know about, which is a subset of the set that has happened,
> > which is a subset of the set that has and will happen.
>
> Sure, but the same is true of your own internal security breaches.

Mostly true, except for the first clause.

But the risks are far higher for services like these, because the threat
model is so different. Every one of them is a high-value target, therefore
they will draw the attention of people ready, willing, and able to attack
high-value targets. Given the pathetic overall state of IT security,
given the inexperience and naivete' of the people running these, and
given the highly asymmetrical nature of attack and defense, it's only
a matter of time until they're compromised.

They are thus just about some of the *last* places anyone should trust
with confidential/sensitive information.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug