undefined | Better HN

0 pointsbogomipz9y ago0 comments

I took the OPs comments as referring to the fact that management either:

a) didn't know the company was hacked.

b) claimed they didn't know they were hacked,

c) didn't bother to do proper discovery to quantify the extent of the hack until years later.

0 comments

And that would have been covered under nist or iso or any other resonable standard. My point is that once you look into these companieas, get beyond the tech stuff, virtually none implement proper security on such large deployments.

bogomipzOP9y ago

>"virtually none implement proper security on such large deployments."

Can you provide a citation for this? Otherwise it seems you are suggesting because Yahoo was lacking that this means all SV tech giants are lacking.

sandworm1019y ago

Well, without ndas make it hard to find actual reports, but take ashley-madison. Millions of users, talk of a billion-dollar ipo, and the post-hack report by the canadian and austrailian privacy ministers found they had no formal security plan.

2 more replies

j / k navigate · click thread line to collapse

0 pointsbogomipz9y ago0 comments

I took the OPs comments as referring to the fact that management either:

a) didn't know the company was hacked.

b) claimed they didn't know they were hacked,

c) didn't bother to do proper discovery to quantify the extent of the hack until years later.

0 comments

sandworm1019y ago

bogomipzOP9y ago

>"virtually none implement proper security on such large deployments."

Can you provide a citation for this? Otherwise it seems you are suggesting because Yahoo was lacking that this means all SV tech giants are lacking.

sandworm1019y ago

2 more replies

j / k navigate · click thread line to collapse