HackerTrans
TopNewTrendsCommentsPastAskShowJobs

snowwolf

no profile record

Submissions

PostgreSQL vulnerabilities affect multiple cloud vendors

wiz.io
5 points·by snowwolf·4 वर्ष पहले·1 comments

comments

snowwolf
·4 वर्ष पहले·discuss
> It took a long time to realize that the most compelling devices have good, well maintained software.

I continue to hold the view that Tesla's success is because they are really a software company, not a car company.
snowwolf
·4 वर्ष पहले·discuss
My wish list:

* HTTP/2 (3?) (on the roadmap) * a refresh of the dyno line-up - at least pass on some of the cost savings of removing/supporting free tier by reducing dyno pricing or preferably bumping specs * auto-scale for all dyno tiers * rebuild security team with reputable lead * edge / multi region active-active DX * edge ssl termination * iterate on chat ops (underrated feature) * more metrics * more alerting (e.g. crashed apps) * better user/access team management (default app roles) * enhanced secrets management in env (2 layers of env view/roles - config vs secrets) * DDOS protection * Treat CI env vars as secrets!
snowwolf
·4 वर्ष पहले·discuss
>If you used your previous password on any other sites, we highly recommend you also change your password on those sites.

This is the most concerning part of that email, as it implies more than an "out of an abundance of caution", but rather that they suspect their password DB has been compromised.

Thinking about it, it does sound the most likely as they were probably the same DB the customer oAuth tokens were stored in that were used to access Github repositories. But if they already knew the data was stored together why wait till now to reset passwords?
snowwolf
·4 वर्ष पहले·discuss
Reading the other trending article on LAPSUS$ (https://news.ycombinator.com/item?id=30774406), access to Slack suits their MO perfectly in terms of mining it for data for more sophisticated escalation of access via social engineering.
snowwolf
·4 वर्ष पहले·discuss
> Support engineers use a number of customer support tools to get their job done including Okta’s instances of Jira, Slack, Splunk, RingCentral, and support tickets through Salesforce.

I like how it just glosses over access to all the other tools which often contain a treasure trove of data. Just Slack can give an attacker worst case credentials pasted into channels and best case loads of information for more targeted social engineering attacks. LAPSUS$ even stated they had access to over 8K channels.
snowwolf
·5 वर्ष पहले·discuss
Exactly my point. However the European Commission has released "Approved" SCC's in June 2021. Does this case now invalidate those because "the DSB has rejected these measures as absolutely useless when it comes to US surveillance" in which case it is in conflict with the European Commissions guidance.
snowwolf
·5 वर्ष पहले·discuss
Has Google Analytics now adopted the latest European Commission approved SCCs (https://ec.europa.eu/info/law/law-topic/data-protection/inte...) and does that mean using GA with those SCC's is now compliant going forwards. Or does this cases verdict that "SCCs and "TOMs" not enough" now mean those EC approved SCCs are now useless?
snowwolf
·5 वर्ष पहले·discuss
My ideal goes further than that. All I want is a reasonable data plan with non extortionate roaming rates from my existing provider (phone service is not important to me these days due to FaceTime/WhatsApp/etc). Some providers were starting to offer decent roaming to a large selection of countries that came out of your existing allowance with no additional charge but they seem to have started rolling back on that now as margins are getting squeezed. There is no reason for roaming charges for 1 week to be higher than the cost of a 1 month pre-paid local sim.
snowwolf
·5 वर्ष पहले·discuss
I don't know the rollout process but perhaps it involves taking servers offline, putting more load on the still live unpatched servers, increasing the probability of the race condition occurring?
snowwolf
·5 वर्ष पहले·discuss
My favourite use is turning them into coffee shops

https://www.mylondon.news/whats-on/whats-on-news/gallery/lon...
snowwolf
·5 वर्ष पहले·discuss
My recent experience of trying to get DMARC set up.

1. Don't use strict (adkim=s; aspf=s) if you expect your emails to be forwarded (https://www.dmarcanalyzer.com/forwarding-within-dmarc/).

2. Microsoft (Outlook/Office365) ignores DMARC p=reject by default (https://docs.microsoft.com/en-us/microsoft-365/security/offi...)