by sanderjd 645 days ago
But the original comment wasn't about this attack vector...

> attackers are happy to steal developer credentials or infect their laptops with malware

I don't think any of what you said applies when an attacker has control of a developer machine that is allowed inside the network.

2 comments

I was responding more to "Same with trusting the private network. That’s fine and dandy until attackers are in your network, and now they have free rein because you assumed you could keep the bad people outside the walls protecting your soft, squishy insides."

Obviously this can apply to insiders in a typical corporate network, but it also applies to trust in a prod VPC environment.

That is also a risk. Random developer machines being able to just connect to whatever they like inside prod is another poor architectural choice.