Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
tadzikpk
on Sept 7, 2023
|
parent
|
context
|
favorite
| on:
Results of technical investigations for Storm-0558...
If this credential is still valid 2 years later, what is their credential rotation policy?
Fatnino
on Sept 7, 2023
|
next
[–]
5 years. The dump is from 2018
roymj88
on Sept 7, 2023
|
parent
|
next
[–]
Whoah... Surely this may not be the only news waiting to come out.. They just need to find out what else they've got during this period..
Fatnino
on Sept 7, 2023
|
root
|
parent
|
next
[–]
A little tidbit that they neglected to underline is that they hadn't rotated that key in at least 5 years.
roboman
on Sept 7, 2023
|
prev
|
next
[–]
^ agree! What an easy mitigation this would have been.
lucasRW
on Sept 7, 2023
|
prev
[–]
It's not a password though, but probably a private key, not that easy to rotate every now and then.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
