* Posts by Decimal5446

6 publicly visible posts • joined 9 Aug 2023

Dell to color-code staff based on how hybrid they really are in RTO push

Decimal5446

Re: I'd go full remote...

Because they are fuming about these stupid expensive buildings with bonkers leases being empty

City council audit trail is an audit fail after disastrous Oracle ERP rollout

Decimal5446

Requirements traceability

I doubt it was missed on the requirements. I also doubt it was due to technical performance constraints. Suspect it just got lost somewhere along the project. Requirements traceability could have caught this or maybe a pen test / assurance review which certainly would have caught this one. Probably!

Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies

Decimal5446

Re: Am I reading this correctly?

Probably because if we cancel every place that gets hacked we would have no options left. The fact you get hacked isn't a problem. It's about how fast you can detect and respond and shut it down. It's super naive to think places won't be hacked. Best to assume everywhere will get their turn. It's the amount of turns that should inform your decision to move on. I won't touch LastPass as far as I can chuck them at this point, for example.

Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

Decimal5446

Session token binding needs to be the norm. The session token needs to have baked in info about the device so replay cannot happen. Fingers crossed this becomes the norm as time goes on.

UK voter data within reach of miscreants who hacked Electoral Commission

Decimal5446

Re: How was this made possible?

I think there is a time and place for all mixes of security controls and technologies. If people want nothing to leave the perimeter (whatever the hell that means these days), spin up a virtual desktop solution, and even then, when using that at home, everything is still in the corporate perimeter. On the bums on seats and seeing the whites of people's eyes, thankfully my place trusts us to get things done without being seen sat there. Fingers crossed leadership change doesn't change that view!

Decimal5446

Re: How was this made possible?

Spoken like someone living in the 90s. Build a strong perimeter, throw everything behind it and only allow access onsite. In 2023 we are way beyond that level of madness.