Hacker News
ckozlowski on March 22, 2022 | on: Updated Okta Statement on Lapsus$
Without proper separation of duties to limit blast radius, it's just as damaging as a software vulnerability. It sounds like that's the real issue here: Compromise of a support engineer led to far more access than should have been permissible.
Eyas on March 22, 2022
Right, but their claim is that there were proper separations that successfully did limit the blast radius.
Ozzie_osman on March 22, 2022
Or at the very least, audit logs so they can see what that support engineer's account did during the period that the account was compromised.