Christopher Barry on 8 Jun 2017 10:43:28 -0700
Re: [PLUG] Password manager OneLogin hacked
On Wed, 7 Jun 2017 07:55:38 -0400
Rich Kulawiec <rsk@gsp.org> wrote:

>On Fri, Jun 02, 2017 at 10:33:48AM -0400, Rich Freeman wrote:
>> > Of course we only know about the hacks that operators care to
>> > report, which is a subset of the set they know about, which is a
>> > subset of the set their employees know about, which is a subset of
>> > the set that has happened, which is a subset of the set that has
>> > and will happen.
>>
>> Sure, but the same is true of your own internal security breaches.
>
>Mostly true, except for the first clause.
>
>But the risks are far higher for services like these, because the
>threat model is so different. Every one of them is a high-value
>target, therefore they will draw the attention of people ready,
>willing, and able to attack high-value targets. Given the pathetic
>overall state of IT security, given the inexperience and naivete' of
>the people running these, and given the highly asymmetrical nature of
>attack and defense, it's only a matter of time until they're
>compromised. They are thus just about some of the *last* places
>anyone should trust with confidential/sensitive information.
>
>---rsk

Bingo! Very well articulated.

--
Regards,
Christopher
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug