Rich Freeman on 8 Jun 2017 10:48:21 -0700
Re: [PLUG] Password manager OneLogin hacked

On Thu, Jun 8, 2017 at 1:43 PM, Christopher Barry <christopher.r.barry@gmail.com> wrote:
> On Wed, 7 Jun 2017 07:55:38 -0400
> Rich Kulawiec <rsk@gsp.org> wrote:
>
>>On Fri, Jun 02, 2017 at 10:33:48AM -0400, Rich Freeman wrote:
>>> > Of course we only know about the hacks that operators care to
>>> > report, which is a subset of the set they know about, which is a
>>> > subset of the set their employees know about, which is a subset of
>>> > the set that has happened, which is a subset of the set that has
>>> > and will happen.
>>>
>>> Sure, but the same is true of your own internal security breaches.
>>
>>Mostly true, except for the first clause.
>>
>>But the risks are far higher for services like these, because the
>>threat model is so different. Every one of them is a high-value
>>target, therefore they will draw the attention of people ready,
>>willing, and able to attack high-value targets. Given the pathetic
>>overall state of IT security, given the inexperience and naivete' of
>>the people running these, and given the highly asymmetrical nature of
>>attack and defense, it's only a matter of time until they're
>>compromised. They are thus just about some of the *last* places
>>anyone should trust with confidential/sensitive information.
>>
> Bingo! Very well articulated.
>

Are we talking about password managers here, or IAM? They're not the
same thing, and IAM is actually pretty common in large companies.

Chris - you're using an IAM provider to send your email. :)

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug