undefined | Better HN

0 pointsBeefWellington2y ago0 comments

If a breach is disclosed and some time later your systems are compromised because you didn't bother to take appropriate action in response to that, it's not "fair" to punch down, or even reasonable to do so.

0 comments

cheeze2y ago

Okta was painfully negligent, with CF going as far as posting "recommendations for Okta" because it was their only way to get through to them.

I don't love CF, but IMO Okta deserves to be punched down on.

longcat2y ago

In both situations Okta and Cloudflare a generic or system account has been compromised. CloudFlare would have had to upload or provide a session tokens or secret to Okta's support system.

BeefWellingtonOP2y ago

Sure but for how long and in what contexts?

Is it really reasonable to come out and say your company utterly failed a pretty basic security practice when faced with a compromise but that it was really some other company's problem originally?

Of course it's not. It's still your company's failure. Own it.

j / k navigate · click thread line to collapse