independent security researcher Kevin Beaumont and other analysts see evidence that some X origin servers, which respond to web requests, weren’t properly secured behind the company’s Cloudflare DDoS protection and were publicly visible. As a result, attackers could target them directly
oops
I wonder if the security team that left twitter en-masse would have discovered this before the hackers did? Oh well.
I wonder if it’s a coincidence that the security team got the sack and soon after, some servers were found to not be properly buttoned up.
I hope it is for their sake. Some guy just got 10 years for a script he left that caused an outage.
That dude was a special kind of stupid. The attack script had his name on it, usee his account status as the trigger, and was running from his laptop. It attacked other peoples profiles and was extremely explicit in being designed to revenge his firing.
There are for sure idiots in infosec, but when your job is working to close holes and gaps, it gets pretty easy to learn what to “forget” about if you want to cause devastation in a deniable way. There are so, so many ways to fuck this job up, doing it on purpose would be a cake walk.