Hadn't seen the one about the session timeout of 4 hours. That implies quite a lot more users!
One should still remember, though, that it was probably only the presumably few who logged in during those 21 minutes who "took over" other people's accounts. Now there are just more accounts that could have been taken over. Mine too, by the way 🫣
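The two comments above reason about scoping: a 4-hour session timeout means every account with a session alive at any point during the 21-minute bug window was exposed, while only sessions created during the window could have ended up attached to the wrong account. The interval arithmetic below is an added example, not code from Nordnet or from anyone in this thread; the session table, the incident start time and all user names are constructed for illustration (the thread only gives the window length and the timeout).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Set, Tuple

# Stated in the thread: sessions expire 4 hours after login.
SESSION_TIMEOUT = timedelta(hours=4)

# Constructed incident window; the thread only says it lasted 21 minutes.
INCIDENT_START = datetime(2024, 1, 1, 10, 0)
INCIDENT_END = INCIDENT_START + timedelta(minutes=21)


@dataclass(frozen=True)
class Session:
    user: str
    login: datetime
    logout: Optional[datetime] = None  # None: the session ran until timeout

    @property
    def end(self) -> datetime:
        """Time the session stopped being valid: explicit logout or timeout, whichever came first."""
        expiry = self.login + SESSION_TIMEOUT
        return min(self.logout, expiry) if self.logout else expiry


# Constructed session log (login/logout times relative to the constructed window).
SESSIONS = [
    Session("alice", datetime(2024, 1, 1, 6, 30)),                              # alive until 10:30 via timeout
    Session("bob", datetime(2024, 1, 1, 5, 30)),                                # timed out 09:30, before the window
    Session("carol", datetime(2024, 1, 1, 10, 5)),                              # logged in inside the window
    Session("dave", datetime(2024, 1, 1, 9, 0), datetime(2024, 1, 1, 9, 50)),   # logged out before the window
    Session("erin", datetime(2024, 1, 1, 10, 20)),                              # logged in inside the window
    Session("frank", datetime(2024, 1, 1, 10, 30)),                             # logged in after the window closed
]


def scope_incident(sessions, start: datetime, end: datetime) -> Tuple[Set[str], Set[str]]:
    """Split users into two populations for an incident window [start, end).

    exposed:   users with a session valid at any moment inside the window
               (their account could have been served to someone else).
    logged_in: users whose session was *created* inside the window
               (the only sessions the faulty lookup could have mis-bound).
    logged_in is always a subset of exposed.
    """
    exposed: Set[str] = set()
    logged_in: Set[str] = set()
    for s in sessions:
        # Half-open interval overlap: session [login, end) intersects [start, end).
        if s.login < end and s.end > start:
            exposed.add(s.user)
        if start <= s.login < end:
            logged_in.add(s.user)
    return exposed, logged_in


def exposure_ratio(sessions, start: datetime, end: datetime) -> float:
    """How many exposed accounts there are per session created in the window."""
    exposed, logged_in = scope_incident(sessions, start, end)
    return len(exposed) / len(logged_in) if logged_in else float("inf")


if __name__ == "__main__":
    exposed, logged_in = scope_incident(SESSIONS, INCIDENT_START, INCIDENT_END)
    print("exposed (session alive during window):", sorted(exposed))
    print("logged in during window:", sorted(logged_in))
    print("exposed accounts per new login:", exposure_ratio(SESSIONS, INCIDENT_START, INCIDENT_END))
```

With a long timeout the `exposed` set is dominated by sessions opened hours before the bug, which is exactly why the 4-hour figure widens the affected population without changing how many sessions were created in the 21 minutes.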
IMO we should keep pushing Nordnet to publish a full technical post-mortem, as it would be a good thing both for the IT industry and for Nordnet to regain their trust.
I think we should allow for leaving out very specific details of their technology stack. No need to help the bad guys. The public will not benefit from knowing.
I'm all for sharing wtf happened during an incident. But, I'd rather know what they learned, and how they plan to improve safeguards.
“More specifically, the underlying cause was a bug in a so-called third-party library. The software component is used to communicate between Nordnet's services and the database that stores information about which customers are logged in.”
As someone in IT, I could already be using that library at work:
But everyone obviously needs to know what happened in broader terms.