by staticassertion 2513 days ago
Given how quickly Coinbase managed to respond to an advanced attacker, I think they know what they're doing.

Insider threat is also really difficult. Working from a point of "I don't trust my employees" is very painful for many reasons.

2 comments

> Working from a point of "I don't trust my employees" is very painful for many reasons.

It’s probably the hardest problem to solve in general, but it’s exactly what a well-designed separation of duties is supposed to address.

I have never even heard of an internal site-wide pentest that failed.
I'm guessing Coinbase hiring a pentester and giving them 'employee level access' would be a needless formality?
People do internal pentests even though everyone knows the pentesters will win; you still learn something from the experience.
You’ll never be able to prevent privileged insiders, or their accounts, from being able to cause damage. But I have worked with organisations where internal tests were not able to compromise the most critical assets, and where the outcome of the tests was that those assets became even more well protected. Which is really the best outcome you could be hoping for with these kinds of engagements, imo.
Of course, I was just being cute.
To me it shouldn't be a question of whether you trust your employees - obviously it makes for a better working relationship if you do, but I think there's a more fundamental issue here, which is "I don't trust my system".

If you fully trust the system you're building (and that trust is well-placed, meaning you can _prove_ the lack of significant exploits/vulnerabilities) then you should have no issue allowing others to try and poke holes in it.

The usual caveat is that untrusted employees with sufficient access could potentially wreak havoc, but I would argue that if you really trust your system, and define the boundaries of your system well enough (i.e. to also encapsulate the issuance and management of all permissions relating to the system), then you can effectively limit the ability of malicious actors to break things or otherwise amass control.