HackerTrans
TopNewTrendsCommentsPastAskShowJobs

scottbcovert

no profile record

comments

scottbcovert
·8 เดือนที่ผ่านมา·discuss
It was a social engineering attack that leveraged the device OAuth flow, where the device gaining access to the resource server (in this case the Salesforce API) is separate from the device that grants the authorization.

The hackers called employees/contractors at Google (& lots of other large companies) with user access to the company's Salesforce instance and tricked them into authorizing API access for the hackers' machine.

It's the same as loading Apple TV on your Roku despite not having a subscription and then calling your neighbor who does have an account and tricking them into entering the 5 digit code at link.apple.com

Continuing with your analogy, they didn't break into the off-site storage unit so much as they tricked someone into giving them a key.

There's no security vulnerability in Google/Salesforce or your apartment/storage per se, but a lapse in security training for employees/contractors can be the functional equivalent to a zero-day vulnerability.
scottbcovert
·ปีที่แล้ว·discuss
Salesforce architect here (from partner firm, not the mothership directly)--Salesforce's query language, SOQL, is definitely a different beast as you say. I'd like to learn more about the issues you're having with the integration, specifically the permissions enforcement. I may be misunderstanding what you meant in the blog post, but if you're passing a SOQL query through the REST API then the results will be scoped by default to the permissions of the user that went through the OAuth flow. My email is in my profile if you're open to connecting.
scottbcovert
·5 ปีที่แล้ว·discuss
Tython | Salesforce Software Engineer | Remote (US) | Full-time Contract to Hire | https://www.tython.co

Tython provides consulting services to Salesforce ISVs, partners, and customers with a focus on lightning web components, Apex development, and backend integrations.

Tython was founded in 2012 and since then has provided consulting and development services to Fortune 100 companies and nonprofits alike, as well as released products on the Salesforce AppExchange.

Tython is currently a lean group of Salesforce engineers and admins spread out between San Diego, Long Beach, St. Louis, and Durham, North Carolina. We're looking to build out a fun, diverse, and supportive team of both junior and experienced Salesforce consultants, admins, and software engineers.

We offer great benefits including medical, dental, vision & life insurance, 401k matching, charitable donation matching, training opportunities, and an unlimited vacation policy.

The technologies and tools we use today include:

* Apex

* Lightning Web Components

* Aura Components

* SFDX

* GitHub

* VSCode

* GitHub Actions

Reach out if you would enjoy working with a small team, having a flexible work schedule, and building complex applications/integrations with the Salesforce platform.

Interested? Send your resume to [email protected] (no recruiters please)