Tweet
tldr Mudge is a legit security legend who made his bones many times over and is a consistent force for good in the field. he was hired by twitter to unfuck them and was basically checkmated relentlessly by indians and salesmen and finally said fuck it and blew the whistle on them.
https://www.washingtonpost.com/techn...disclosure.pdf
shit is very, very spicy.
basically dropping gems like twitter is a legit national security concern due to a total inability to enforce basic tiered access security models to limit access to critically private data, the ongoing employment of people who are almost certainly foreign agents (see: saudi twitter spy trial drama for more on this), the complete inability to convince anyone that lying to the government about your compliance standards is Bad, etc.
the whole thing is a festival of the absurd and honestly anyone with money in tech would do well to read this because 1) the only way to shake out this sort of systemic resistance to essential baseline security awareness is for the company to simply fire 80% of its management layer for incompetence and 2) we may need to accept that this sort of situation is far from an outlier and that a whoooole lot of the companies in the QQQ basket are every bit as fucked if not more so because they _dont_ have a Mudge on staff to call shit like this out, much less recognize it.
https://www.washingtonpost.com/techn...disclosure.pdf
shit is very, very spicy.
basically dropping gems like twitter is a legit national security concern due to a total inability to enforce basic tiered access security models to limit access to critically private data, the ongoing employment of people who are almost certainly foreign agents (see: saudi twitter spy trial drama for more on this), the complete inability to convince anyone that lying to the government about your compliance standards is Bad, etc.
the whole thing is a festival of the absurd and honestly anyone with money in tech would do well to read this because 1) the only way to shake out this sort of systemic resistance to essential baseline security awareness is for the company to simply fire 80% of its management layer for incompetence and 2) we may need to accept that this sort of situation is far from an outlier and that a whoooole lot of the companies in the QQQ basket are every bit as fucked if not more so because they _dont_ have a Mudge on staff to call shit like this out, much less recognize it.
Comment