
mtsmith85 | 10 years ago

I love reading Matt Levine's writing; I enjoy the humorous tone. A bit of Louis CK for the financial world. But I didn't get that he was dismissing the security concerns. I read it as he was dismissing the idea that some aspects of the hacking could have been more easily thwarted. For example, two-factor authentication is a relatively straightforward protection. Now he may have been underselling how complex it is to implement, but I would have to agree that items like two-factor authentication are relatively straightforward tools at this point.

ZoFreX|10 years ago

2 factor authentication has nothing to do with this, though, and would do absolutely nothing to protect against this occurrence or similar ones. 2 factor authentication is great in certain situations... but only when your code is operating correctly. If someone has achieved arbitrary code execution (even if only at the SQL layer) it's game over. 2FA won't save you.

thefreeman|10 years ago

They also brute-forced employee accounts (likely the SQL injection was in the employee-facing section of the site).

juliangregorian|10 years ago

Did you read the article? Not only was SQL injection found, logins were brute-forced. 2FA absolutely would have helped with that.