Christopher Barry on 8 Jun 2017 10:43:28 -0700



Re: [PLUG] Password manager OneLogin hacked


On Wed, 7 Jun 2017 07:55:38 -0400
Rich Kulawiec <rsk@gsp.org> wrote:

>On Fri, Jun 02, 2017 at 10:33:48AM -0400, Rich Freeman wrote:
>> > Of course we only know about the hacks that operators care to
>> > report, which is a subset of the set they know about, which is a
>> > subset of the set their employees know about, which is a subset of
>> > the set that has happened, which is a subset of the set that has
>> > and will happen.  
>> 
>> Sure, but the same is true of your own internal security breaches.   
>
>Mostly true, except for the first clause.
>
>But the risks are far higher for services like these, because the
>threat model is so different.  Every one of them is a high-value
>target, therefore they will draw the attention of people ready,
>willing, and able to attack high-value targets.  Given the pathetic
>overall state of IT security, given the inexperience and naivete' of
>the people running these, and given the highly asymmetrical nature of
>attack and defense, it's only a matter of time until they're
>compromised.  They are thus just about some of the *last* places
>anyone should trust with confidential/sensitive information.
>
>---rsk

Bingo! Very well articulated.

-- 
Regards,
Christopher
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug