Gergely Orosz

@gergely.pragmaticengineer.com

After Okta was breached for 3 weeks - attackers accessing HAR files with sensitive session info - Okta’s response: “Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.” Cloudflare just built & released such a tool. Savage:

2 replies 6 reposts 15 likes


Jackson @adequatejack.bsky.social

Ending up in Cloudflare’s security blog is my worst professional nightmare. “Here’s a riveting breakdown of all the mistakes these folks made, let’s pore over them in detail!” Kill me now!

0 replies 0 reposts 1 likes


Gergely Orosz @gergely.pragmaticengineer.com

The full details from Cloudflare: blog.cloudflare.com/introducing-...

Cloudflare is basically positioning itself as Okta’s missing security team. Last week, they gave Okta advice on what basic security practices to follow. This week, they built the HAR filter Okta should have had in place.

1 replies 3 reposts 12 likes