Why do companies keep getting hacked?

theverge.com/2018/12/3/18124849/quora-100-million-user-hack-name-email-messages

Yahoo, Equifax etc. Are they just incompetent or what?


Because usually most companies can barely keep their software running so security optimization takes a back seat to 'omg I can't see my timesheet'.

Hackers are one step ahead.

Well, if you don't get paid to secure the systems, then spending any time on it at all will get your boss to tell you to stop wasting time.
And if you do get paid to secure the systems, then changing any settings and causing 1 second of downtime will cause your boss to get angry.
Suggesting improvements means you have to talk talk talk about them and whatever happens you will be responsible for it.

Just doing your job, which is nothing, is usually the best option.

Over half of my quora feed is third worlders talking about all the times they've cheated or done something else sexually taboo. If those emails have leaked I'm sure they're going to be in trouble.

Quora is the most disgusting website on the internet after Facebook. It's nothing but promotions and advertisements disguised as answers. You rarely see a sincere answer.

Poojeets utterly btfo

I fucking hate Quora. It's just Indians and nothing more. If you want to read an answer, 90% of the time it's like: Have you tried to use ? By the way, I'm the cofounder of but it's ... Useless site. Hope it dies.

because they use intel CPUs

Seriously

It could've been a great concept, instead it's just pajeets and shills.

Because they keep hiring unqualified old people for cyber security positions

>Are they just incompetent
That and being retarded and treating security with a cost-benefit approach.

>get bought by Chinese
>have "data breach"
like pottery

I worked for a company that got hacked. It's currently getting sued into oblivion. I helped author parts of the module where the hackers used SQL in the dark to get in.

Lots of people are overworked and temporary bandaids sometimes turn out to be permanent solutions. For production, if X is working, don't touch it. If it absolutely needs to be done, it must be done according to the change policy. You don't necessarily have the rights to do all the necessary changes for all the dependencies, so you'll have to make tickets for those changes. In a larger corporation a ticket for changing a single DNS entry can take months.

>Big haxs, big boats, swiggity swit-swap sim swap, botnet swatnet
Edgy teens want plus hf rep and coolness points on IRC. So, we run around with our magic quotes and debuggers to exploit easy stuff that should be fixed but unseen by non-auditors.

Running a large amount of infrastructure and keeping it all patched and properly configured is a lot of work which doesn't deliver obvious benefits until it's too late.

Did you create SQL queries by concatenating strings together, by any chance?

I was good some years ago

>unironically using quorawrr
wew

No. I wasn't the one who committed the line that let them in. It was some kind of printf variant statement. I was being mentored anyway when I helped, so I wasn't really the one who wrote the module independently. It took about 15 years before it was exploited. Either way millions of people's information is out there now, and it's in the news... but I don't want to go into detail.

It's sad but true.

It took roughly 4 years to disable ARC4 as a cipher for OpenSSH and OpenSSL where I work, after it had been announced as insecure and obsolete. Just imagine: if you have absolutely no fucking idea about security and always follow the money instead of listening to your engineers, you end up patching systems with a plaster instead of having a solid and secure foundation to work on/with.

Commercial IT is nothing but fraudsters, posers and liars.

>Commercial IT is nothing but fraudsters, posers and liars.
Don't say that. 4channel is commercial IT. 4channel has our best interest at heart.