What you need to know about the recent compromise here

This is used for general discussion that is not necessarily server-related.
User avatar
kraze
Former staff
Former staff
Posts: 4362
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Fri Sep 17, 2010 9:06 am
Location: California

Re: What you need to know about the recent compromise here

Post by kraze »

I'd argue that a lot of companies regardless of size are susceptible to attacks that include unannounced/unknown vulnerabilities. I would not have expected a security audit to have found those unannounced/unknown vulnerabilities either, though, I suppose it is possible.

I would also not consider the donation email being a bad exploit. Your email is naturally a public item and your email can be pretty easily secured by using basic security steps, and most offer two-factor authentication now too. Though, I can understand why some people would prefer not showing their email on that tab (which is something we're working on).
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: What you need to know about the recent compromise here

Post by Edge100x »

Large companies have many more attack surfaces than we do, with many people working on many different systems at once. It is a major challenge for them to maintain a consistent level of security across all of them, including basics like the rapid application of patches. So it's not surprising that pretty much every major player that you can think of has been compromised already.

This thread was about a specific one-time event that occurred in mid-2015. Further discussion of other concerns will need to occur in other threads.
Locked