←back to thread

Internet Archive breached again through stolen access tokens

(www.bleepingcomputer.com)
492 points vladyslavfox | 1 comments | 20 Oct 24 15:00 UTC | HN request time: 0.202s | source
Show context
badlibrarian ◴[20 Oct 24 15:40 UTC] No.41896054[source]
Restating my love for Internet Archive and my plea to put a grownup in charge of the thing.

Washington Post: The organization has “industry standard” security systems, Kahle said, but he added that, until this year, the group had largely stayed out of the crosshairs of cybercriminals. Kahle said he’d opted not to prioritize additional investments in cybersecurity out of the Internet Archive’s limited budget of around $20 million to $30 million a year.

https://archive.ph/XzmN2

replies(3): >>41896114 #>>41897651 #>>41900416 #
semicolon_storm ◴[20 Oct 24 15:47 UTC] No.41896114[source]
In security, industry standard seems to be about the same as military grade: the cheapest possible option that still checks all the boxes for SOC.
replies(4): >>41896673 #>>41896703 #>>41897579 #>>41897601 #
Spivak ◴[20 Oct 24 16:52 UTC] No.41896703[source]
Hot take, this is the way it should be. If you want better security then you update the requirements to get your certification.

Security by its very nature has a problem of knowing when to stop. There's always better security for an ever increasing amount of money and companies don't sign off on budgets of infinity dollars and projects of indefinite length. If you want security at all you have bound the cost and have well-defined stopping points.

And since 5 security experts in a room will have 10 different opinions on what those stopping points should be— what constitutes "good-enough" they only become meaningful when there's industry wide agreement on them.

replies(4): >>41896781 #>>41896855 #>>41896959 #>>41897873 #
1. db48x ◴[20 Oct 24 17:01 UTC] No.41896781[source]
Yep. And worse, now matter how much you pay for security it is still possible for someone to make a mistake and publish a credential somewhere public.