Hacker News new | ask | show | jobs
by mac-chaffee 1503 days ago
I really feel like people don't value intrusion detection enough. Why was Heroku's intrusion detection system "rely on Github's intrusion detection system"?
1 comments
jlmorton 1503 days ago
As described, the attacker quietly retrieved OAuth tokens from a single Heroku database, and then very loudly scraped GitHub.

I'm not saying it would have been impossible to detect the first action, but it's substantially easier to detect the second.

link