> You think nobody's logged into their personal spotify on their work computer?
I don't think anyone thinks that. No one also thinks logging into a personal account on a device owned by someone else gives you any claim of ownership over it.
The computer belongs to the company. You will do what the company says you need to with their computer.
IT departments do not care for the musings of self-proclaimed neckbeards. The arrogance of such users to comfort to security policy is a well known risk and usually grounds for swift disciplinary action.
Totally. They should allow anyone, even those with no income, to come to their country and use their services for nothing in return. We can see how well that's worked in the US.
You're not. The article makes no sense. They claim robust security controls but apparely lacked a proper accounting of service accounts with external access, especially with admin access to freakin' Jira.
> Then, from November 27, we redirected the efforts of a large part of the Cloudflare technical staff (inside and outside the security team) to work on a single project dubbed “Code Red”.
Why didn't they start this effort BEFORE there was an incident?
> we undertook a comprehensive effort to rotate every production credential (more than 5,000 individual credentials
Bearer credentials should already be rotated on a regular basis. Why did they wait until an incident to do this?
> To ensure these systems are 100% secure
Nothing is 100% secure. Not being to see and acknowledge that is a huge red flag.
> Nothing was found, but we replaced the hardware anyway.
Well that is just plain stupid and wasteful.
> We also looked for software packages that hadn’t been updated
Why weren't you looking for that prior to the incident?
> we were (for the second time) the victim of a compromise of Okta’s systems which resulted in a threat actor gaining access to a set of credentials.
And yet they continue using Okta. The jokes just write themselves.
> The one service token and three accounts were not rotated because mistakenly it was believed they were unused.
Wait, wait, wait. You KNEW the accounts with remote access to your systems were UNUSED and yet they continue to be active? Hahahahaha.
> The wiki searches and pages accessed suggest the threat actor was very interested in all aspects of access to our systems: password resets, remote access, configuration, our use of Salt, but they did not target customer data or customer configurations.
Totally makes sense, I'm sure the attacker was just a connoisseur of credentials and definitely did not want them to target customer data.
I don't think anyone thinks that. No one also thinks logging into a personal account on a device owned by someone else gives you any claim of ownership over it.
The computer belongs to the company. You will do what the company says you need to with their computer.