Hacker Times
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
ckozlowski
on March 22, 2022
|
parent
|
context
|
favorite
| on:
Updated Okta Statement on Lapsus$
Without proper separation of duties to limit blast radius, it's just as damaging as a software vulnerability. It sounds like that's the real issue here: Compromise of a support engineer lead to far more access than should have been permissible.
Eyas
on March 22, 2022
[–]
Right, but their claim is that there were proper separations that successfully did limit the blast radius.
Ozzie_osman
on March 22, 2022
|
parent
[–]
Or at the very least, audit logs so they can see what that support engineer's account did during the period that the account was compromised.
Consider applying for YC's Fall 2026 batch!
Applications
are open till July 27.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: