undefined | Better HN

0 pointstptacek7y ago0 comments

It sounds like Reddit just recently hired security. It's not at all unusual for companies of Reddit's size not to have a security team; the only thing that makes them noteworthy in that regard is how old the company is. If your expectation is that most of the companies you've worked with or availed yourself of have dedicated security teams, revise your expectations sharply downwards.

0 comments

4 comments · 3 top-level

carterehsmith7y ago· 1 in thread

Question. I am curious in general in that, how can they say that "this" data was compromised, but "that" data was not?

How does that work? Do they really have some low-level access log that shows who accessed what file and at what time?

And then, do they keep that log for some months at least?

And, can they query that log and declare that, six months ago, "this" data was compromised, but "that" data was not?

How does all that work.

Operyl7y ago

They probably knew what systems were accessed via centralized logging. By extension, you know what that system had access to.

mikestew7y ago

It's not at all unusual for companies of Reddit's size not to have a security team;

Well, by "security team" I meant "people that should know better". I mean, raise your hand if you knew even ten years ago what a bad idea it was to store passwords in plaintext. Okay, now keep your hand up if you're job role includes the words "security team". Hmm, not a lot of hands left. You don't need a dedicated security team to figure out that some folks, including the CEO, shouldn't be let anywhere near the database nor making design decisions.

koube7y ago

Reddit had a security team, they just haven't had the position "Head of Security" until now[0]. They did have a policy of using TOTP but couldn't enforce it on certain providers (applications?) [1].

[0]: https://old.reddit.com/r/announcements/comments/93qnm5/we_ha...

[1]: https://old.reddit.com/r/announcements/comments/93qnm5/we_ha...

j / k navigate · click thread line to collapse