Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
hrbrmstr ("hrbrmstr 🇺🇦 🇬🇱 🇨🇦") wrote:
The root cause chain is damning. No file type restrictions on inbound support chat attachments. No automated EDR coverage reconciliation against the identity provider. Okta FastPass let the compromised device satisfy MFA on its own. The initialization codes – functionally equivalent to the certificates themselves – were visible in every proxied support session because the support portal was never threat-modeled as an attack surface. "Privileged access" stopped at the HSM boundary. (3/5)