bloomberg on supermicro: sky is falling
Alfie Pates
alfie at fdx.services
Mon Oct 8 09:48:59 UTC 2018
Important distinction; You fire any contractor who does it *repeatedly* after communicating the requirements for securing your data.
Zero-tolerance for genuine mistakes (we all make them) just leads to high contractor turnaround and no conceivable security improvement; A a rotating door of mediocre contractors is a much larger attack surface than a small set of contractors you actively work with to improve security.
~ a
On Mon, Oct 8, 2018, at 4:53 AM, Naslund, Steve wrote:
> You just need to fire any contractor that allows a server with sensitive
> data out to an unknown address on the Internet. Security 101.
>
> Steven Naslund
>
> >From: Eric Kuhnke <eric.kuhnke at gmail.com>
> >
> >many contractors *do* have sensitive data on their networks with a
> gateway out to the public Internet.
> >----------------------------------------
> >
> >I could definitely imagine that happening.
> >
> >scott
More information about the NANOG
mailing list