On Jun 7, 2012, at 4:04 PM, [email protected] wrote:

> while I agree that it would be good to notice problems earlier, on a site
> that allows pictures to be posted, 107MB is really not that much data.

Oh, I agree with you-- but generally images are stored on either a CDN in some form, S3, etc. Storing terabytes of static assets in a database is textbook "Doing It Wrong." If the static assets are living in the same network as the authentication database, then things have sort of gone to custard already.

> I would agree that this shows that LinkedIn does not have stellar security,
> but as nice as it is to bash them, the sad truth is that even as bad as they
> are, they are probably better than average (probably even for organizations
> their size)

My sincere apologies if my previous email came across as an attempt to bash them; that wasn't my intent. My point was (and remains) that it's not the breach itself that's noteworthy, but rather the track record and the way it was handled.

> experienced security people cringe at this, but they will also agree that
> it's amazing how little attention basic security needs get, let alone
> advanced things that would notice traffic anomalies.

I suppose. I work with financial data, so I come from a bit of a different world than a social networking site probably does; network segregation and monitoring are required for compliance here. I sometimes forget that this isn't how most places operate.

-- Corey
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
