zlacker

4 comments
1. embedd+(OP) 2025-11-13 11:54:38
> - timely response

Timely in what way? Seems they didn't discover the hack themselves, didn't discover it until the hackers themselves reached out last week, and today we're seeing them acknowledging it. I'm not sure anything here could be described as "timely".

replies(1): >>prodig+p6
2. prodig+p6 2025-11-13 12:44:09
>>embedd+(OP)
I have been doing a self Have I Been Pwned audit and, reading many company blog posts, it wasn't uncommon to see disclosure months after incidents.
replies(1): >>embedd+q7
3. embedd+q7 2025-11-13 12:50:13
>>prodig+p6
Yeah, that sucks, and I wouldn't call those "timely" either. Is your point that "timely" is relative and depends on what others are doing? Personally, "slow" is slow regardless of how slow others are, but clearly some would feel differently, that's OK too.
replies(2): >>franga+R41 >>dpolon+S61
4. franga+R41 2025-11-13 17:45:44
>>embedd+q7
If one week is slow and three months is also slow, why should a company switch from three months to one week?

To borrow from a different context, if eating meat every day is being an evil animal abuser and being vegetarian but liking cheese sauce on your pasta is being an evil animal abuser, why should anyone consider eating less meat?

Warning: not very well thought-out generalisation ahead

We need to be able to express nuance, otherwise everything turns into a shitshow like, for example, the current state of political and social discourse. Americans will vote for privatisation because public healthcare is "literally communism" and "communism is the devil". Twitter users will vote for white supremacists because they get called "literal nazis" for the big nose jokes they occasionally make.

5. dpolon+S61 2025-11-13 17:53:55
>>embedd+q7
"Timely" is relative, right? If I build a house in a week, that was done in a timely fashion, as it was done faster than average.

If I build a house of cards in a week, that took way longer than the average house of cards, and it would not be fair to call it "timely".

In a world where most companies report breaches months after the fact, yes, I think "last week we found out about it and we're now confirming it" is fair. You need to work with Law Enforcement, you need to confirm the validity of the data and the hacker's claims, and that the data they are ransoming is all they actually took. You need to check the severity of the data they took. Was it user/passes? Were there any trademarked processes, IP, sensitive info? You need to ensure the threat actor is removed from your environment, and the hole they got in with is closed.

If you choose to pay the ransom, you may need to work even closer with LE to ensure you don't get flagged for aiding and funding criminals.

With them choosing not to pay, I'm sure they need to clear that with legal still. Finance needs to be on board. Can you actually call it a charitable donation for a tax write-off if it's under this sort of duress? (And I'd assume there are other sorts of questions a SysAdmin can't be expected to come up with examples for.)

While ALL of this is happening, you can't announce your actions. You can't put out a PR until you know for sure you were compromised, what the scope was, and that any persistence has been removed.
