I suppose I wouldn't personally think of it as limiting exposure like that - pro... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

OJFord on Aug 3, 2022 | parent | context | favorite | on: Hijacking Email with Cloudflare Email Routing

I suppose I wouldn't personally think of it as limiting exposure like that - prod is prod, beta feature or not - but if one does for a given product then yes sure it's a bad bug.

Do we really think Cloudflare Email Routing private beta was private to somehow trusted parties only though? Presumably 'N-mutual trusted parties' too, for regulatory compliance. I assume not; not least because the product security lead is here in the comments saying they vetted logs etc. after the fact to ensure that only OP took advantage of this.

shyn3 on Aug 3, 2022 [–]

I wouldn't rely on any companies logs or audit trail.

OJFord on Aug 3, 2022 | [–]

Fine, not the point, they did it - implies the invitees weren't trusted 'they won't/doesn't matter if they do pwn each other' customers.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact