Christopher Barry on 8 Jun 2017 10:43:28 -0700


Re: [PLUG] Password manager OneLogin hacked

On Wed, 7 Jun 2017 07:55:38 -0400
Rich Kulawiec <> wrote:

>On Fri, Jun 02, 2017 at 10:33:48AM -0400, Rich Freeman wrote:
>> > Of course we only know about the hacks that operators care to
>> > report, which is a subset of the set they know about, which is a
>> > subset of the set their employees know about, which is a subset of
>> > the set that has happened, which is a subset of the set that has
>> > and will happen.  
>> Sure, but the same is true of your own internal security breaches.   
>Mostly true, except for the first clause.
>But the risks are far higher for services like these, because the
>threat model is so different.  Every one of them is a high-value
>target, therefore they will draw the attention of people ready,
>willing, and able to attack high-value targets.  Given the pathetic
>overall state of IT security, given the inexperience and naïveté of
>the people running these, and given the highly asymmetrical nature of
>attack and defense, it's only a matter of time until they're
>compromised.  They are thus just about some of the *last* places
>anyone should trust with confidential/sensitive information.

Bingo! Very well articulated.

Philadelphia Linux Users Group
Announcements
General Discussion