this post was submitted on 04 Nov 2023
275 points (98.6% liked)

Technology

34987 readers
373 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
top 18 comments
sorted by: hot top controversial new old
[–] [email protected] 101 points 1 year ago (2 children)

Title author must get paid by the comma

[–] [email protected] 16 points 1 year ago (1 children)

It's correct, just a bit confusing to parse at first. Like a garden path sentence, but with commas.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I would replace the 2nd comma with a colon

No, Okta: senior management, not an errant employee, caused you to get hacked

[–] [email protected] 12 points 1 year ago

Wellhehasabetterpaymentplanthan**methen

[–] [email protected] 46 points 1 year ago (1 children)

I just came to note that seeing Mastodon inserts instead of Twitter in an Ars article makes me feel warm and fuzzy.

[–] BrikoX 22 points 1 year ago

That's where infosec people are these days.

[–] [email protected] 18 points 1 year ago

The old trope is so tired I am still amazed corporate propaganda shills it... it just looks even worse... iT wuZ aN InTerN, ExeC DiNDu NufIn

[–] [email protected] 17 points 1 year ago (1 children)

The biggest threats to infosec and ethics violations are from management, not the rank and file.

[–] [email protected] 4 points 1 year ago

Yeah, cause the rank and file have to work overtime to fix that shit when it breaks

[–] [email protected] 12 points 1 year ago

This is the best summary I could come up with:


While the postmortem emphasizes the transgressions of an employee logging into a personal Google account on a work device, the biggest contributing factor was something the company understated: a badly configured service account.

In a post, Okta chief security officer David Bradbury said that the most likely way the threat actor behind the attack gained access to parts of his company’s customer support system was by first compromising an employee’s personal device or personal Google account and, from there, obtaining the username and password for a special form of account, known as a service account, used for connecting to the support segment of the Okta network.

“During our investigation into suspicious use of this account, Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop,” Bradbury wrote.

Accessing personal accounts at a company like Okta has long been known to be a huge no-no.

Unlike standard user accounts, which are accessed by humans, service accounts are mostly reserved for automating machine-to-machine functions, such as performing data backups or antivirus scans every night at a particular time.

The breach, however, underscores several faults that didn’t get the attention they deserved in Friday’s post.


The original article contains 473 words, the summary contains 203 words. Saved 57%. I'm a bot and I'm open source!

[–] [email protected] 6 points 1 year ago

How does Okta not have systems like support systems like what was breached with the credentials behind a VPN as well? A system like that really ought to be on a secured network. We have so many systems at work that are VPN required and it’s mostly those where sensitive data lives.

[–] [email protected] 5 points 1 year ago (1 children)

I could see my own company falling victim to this kind of attack. I guess for a targeted attack all personal Google accounts or other password managers are a vulnerability. I'd cry if my work blocked the chrome password manager.

[–] [email protected] 1 points 1 year ago

I stopped using browser built in password managers a long time ago. Third party password managers that require 2FA on a timeout are where it's at. All of my passwords are available on all web browsers and my mobile device as necessary

[–] [email protected] 3 points 1 year ago (1 children)

Session network binding on its own seems pretty damn basic.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Dont bind to IP or other browser fingerprinting.

For security and privacy, my IP address and browser fingerprint change every 60 seconds. Its so fucking annoying when I get false-positive logged out every minute "for my security"

[–] [email protected] 2 points 1 year ago (1 children)

I hesitate to ask, but, why do you have your IP change every minute? You seem to have a very atypical usecase

[–] [email protected] 2 points 1 year ago

I was oversimplifying. So the user agent and other browser setting change every 60 seconds using the chameleon add-on.

The IP doesn't automaticallychanges, but I use a VPN. Often on shitty internet where packet loss routinely spikes to 30% (considered normal for most ISPs), I often have to disconnect and reconnect to the VPN, which causes the IP to change.

[–] [email protected] 2 points 1 year ago

Too many commas in that title.

Let’s try

Okta Senior management caused you to get hacked, not an errant employee.