2.5 Admins

2.5 Admins 168: Do The Right Thing

Nov 9, 2023

In this episode, the guests discuss the security breaches experienced by Okta, the ease of crashing iPhones, and Jim's report from the Ubuntu Summit. They also provide advice on what to do when you find a company's sensitive data on the Internet. Overall, an interesting conversation on security measures and vulnerabilities.

30:18

Creator website

Episode guests

Okta

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

When finding a company's sensitive data on the internet, it is important to exhaust all means to responsibly report the issue and communicate it effectively without ulterior motives.

Despite potential legal risks, it is crucial to do the right thing by reporting security vulnerabilities to companies, especially when they lack bug bounty programs or clear mechanisms for responsible disclosure.

Deep dives

Unprotected Database Backup

There is an unprotected internet accessible database backup for a small company that contains sensitive employee and client information. The backup includes employee names, phone numbers, usernames, password hashes, client information, and work order notes. The company is small, and the only public contact information available is for their sales department, but when attempting to report the issue, they are dismissed as a scammer. The listener wants to know how to responsibly report this and is also concerned about potential legal action. They seek guidance on the matter.

Introduction

3min

Security Breach involving Okta

7min

The Importance of Security in Enterprises and the Debate on Single Sign-On

3min

iOS 17 Bluetooth Vulnerability

10min

Discussion on Conference Attendance and Reporting an Internet Security Issue

5min

The Legal Consequences of Reporting Security Vulnerabilities

3min

Okta seems to not be taking its security seriously enough, crashing iPhones is far easier than it should be, Jim’s report from the Ubuntu Summit, and what to do when you find a company’s sensitive data on the Internet.

Plugs

Support us on patreon and get an ad-free RSS feed with early episodes sometimes

News

No, Okta, senior management, not an errant employee, caused you to get hacked

Okta October breach affected 134 orgs, biz admits

Okta hit by another breach, this one stealing employee data from 3rd-party vendor

This tiny device is sending updated iPhones into a never-ending DoS loop

Jim went to the Ubuntu Summit

Free Consulting

We were asked about what to do when you find a company’s sensitive data on the Internet.

The Traceroute Podcast

Check out the new season of the Traceroute Podcast on Apple, Spotify, or wherever you get your podcasts. Visit the website.