|
|
|
|
|
|
by thecus
4272 days ago
|
|
|
I also want to add on that I do not view this as a security issue. There are a myriad of things that should be done: 1) Your company should not be using SaaS services for sensitive projects w/o codenames. (Codename FishSauce = Viber M&A) -- obviously just obscurity, but still solid opsec. 2) I'd love to see your write-up on HipChat uploading all files directly to an S3 bucket accessible to the world. 3) Every user w/ that companies domain sees this each time they sign-in. 4)I just think it's overhyped and not a big deal. 5) It only impacts companies who have multiple slack TEAMS (not the same thing as channels, no channel names are disclosed) Also, this is a decision Slack admins make: http://imgur.com/FCUE1mY |
|
|
This is absolutely a security issue. What companies I do business with is protected under NDA.