366
Spyware maker LetMeSpy shuts down after hacker deletes server data (techcrunch.com)
submitted 1 year ago by BrikoX@lemmy.zip to c/technology@lemmy.world
26 comments fedilink hide all child comments

cross-posted from: https://lemmy.zip/post/1088852

Archived version: https://archive.ph/cR91h
Archived version: https://ghostarchive.org/archive/F2HRY

you are viewing a single comment's thread
view the rest of the comments
[-] evatronic@lemm.ee 7 points 1 year ago

Part of a good backup solution involves ensuring that it's literally impossible for the "root" / "administrator" whatever user on the production system to delete the backups. For instance, were this AWS, it would be done by creating a separate AWS account and use IAM roles to provide access to a S3 bucket with the "DeleteObject" permission explicitly denied. Perhaps, even deny everything except something like PutObject, and ensure the target S3 bucket is versioned, so even overwriting the contents with garbage is recovered by restoring a previous version.

But most businesses don't think like that.

[-] 1984@lemmy.today 3 points 1 year ago

Yup. I work as a devops guy with aws and that's what I do. But I've seen a lot of enterprises having no clue about these things.

this post was submitted on 05 Aug 2023
366 points (98.4% liked)

Technology

59670 readers
1833 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world