Not specific to this post but...I'm sick of management (in general) for taking the lion's share of profit for the "responsibility" they carry and yet, all that responsibility comes with no blame when things go south.
Somebody in my company calculated that 70% of the incidents at my company happened due to pushy, penalizing management forcing engineers to rush things out.

Incident reviews literally pointed out "being rushed".
I don't get how a security monoculture with a single point of failure across the economy -- i.e., Okta -- is supposed to be a good thing. Whenever you create something like this, you create a giant target that gets hacked. LastPass got hacked. Okta got hacked. Equifax got hacked. The OPM got hacked. I get that security software is hard to get right, so it's not great if everyone is rolling their own. But there has to be a way for things to be more decentralized, and for any one target not to be so juicy.
> “During our investigation into suspicious use of this account, Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop,” Bradbury wrote. “The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device.”

Isn't the problem the fact that Google forced on people their "sign into Chrome" (which is basically "sign into Google") strategy? The attack wouldn't work on Firefox.