by mkjones 4869 days ago
I was one of the people involved here (the guy quoted as saying "which means that whoever discovered this is looking at our code").

As the article noted, they started the whole drill relatively early in the morning on a workday (a Wednesday, iirc, which are the days where we do not have meetings). About half an hour after we'd fixed the obvious problem and were starting to dig deeper, the guys organizing the whole thing stepped in and let us know it was actually a drill, but that we were going to keep treating it as if it were real.

It actually ended up being a super interesting and eye-opening experience, and drove good changes to some of our infrastructure. I had no idea we'd go so far as buying a 0-day and using it to test our own systems and response, but I think it shows that we don't screw around when it comes to making sure we're secure.

1 comments

> I had no idea we'd go so far as buying a 0-day

Where did they get the 0-day?

The phrase "if you have to ask the price, you can't afford it" comes to mind....

If you don't know where to acquire (buy) 0-days, then you probably shouldn't know.

They're readily available, if you're willing to pay the price:

http://www.forbes.com/sites/andygreenberg/2012/03/23/shoppin...