
This is why old secops/corpsec security hands are so religious about tabletop exercises, and what's so great about BadThingsDaily† on Twitter. Being prepared to do this kind of credential rotation takes discipline and preparation and, to be frank, most teams don't make that investment, including a lot of really smart, well-resourced ones.

If Cloudflare is in a position where their security team can make a call to rotate every secret and reimage every machine, and then that happens in some reasonable amount of time, that's pretty impressive.

† https://twitter.com/badthingsdaily?lang=en




It'd be more impressive if they actually got all the credentials.

It's good that you think you can absorb a complicated security task; it's useless if you have no way to test or verify this action.


Yes, but this is a nice #2. Not many Fortune 500s would 1) even know they were breached and 2) if they were breached, have the breach be so contained.



