c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
Too many people don't release that 'cloud' just means 'someone else's computer'
As someone who's worked in this environment, the providers are screwed either way.
If you do nothing, then a customer is mad that you were not secure enough and they got hacked.
If you do something, then a customer is mad that you've made security changes that break their shit.
At the end of the day, the devops people using this stuff don't understand security, and don't want to understand it. But no matter what the provider does, it's wrong for some segment of their users, so like, it's not that they won't secure it, it's that the feedback is negative as all hell when they do.
So much of my job in security was getting people to sign off on risks they would not patch.
Yeah we did security notices based on customers doing stupid shit, and got yelled at for "annoying" them with an email every week or two, depending on when the reports we ingested were turned into notifications.
So many people screeching about spamming them, and harassing them, and how this was bullshit and they never had this problem with other PaaS platforms.
...until, of course, oopsie their shit was hacked, and NOW it's my fault we didn't warn them enough.
I am never working for THE CLOUD ever again, lol.