
Why the fuck was I breached? - skinkestek
http://whythefuckwasibreached.com/
======
Waterluvian
"The fucking KGB used overwhelming force to gain access to some data. But we
have since told them to not do it again, so it will never happen again."

Yeah, that feels pretty accurate for today's political climate.

I love fun toys like this and would love an awesome list of them if anyone has
one.

~~~
Razengan
This sounds like a Monty Python sketch.

~~~
chris_wot
I got "the teenagers got into the server room through an empty window and
hacked into our coffee pot. We told them not to and it can’t happen again."

~~~
Razengan
You naughty person.

------
gricardo99
I can't tell if the random excuses are completely made up or come from actual
breach incidents. If the latter, it would be interesting if the site actually
gave an example, or linked to a story, where a company used a similar excuse
or reported cause.

------
lifeisstillgood
> But we have since upskilled our cafeteria staff, so it will never happen
> again.

I am not sure they are being entirely serious with their random excuse
generator. I could not recommend use of this to corporate legal.

~~~
chris_wot
Because they won’t let you upskill your cafeteria staff?

------
cwoollard
I wish I could submit my own options to the pool of responses. I could
certainly come up with some entertaining responses.

------
anilakar
Reminds me of Microsoft's Elevation of Privilege card game, although this one
was obviously designed with tongue-in-cheek. Still, everyone ought to click
through a few excuses and think whether they are relevant to the systems we
maintain.

------
smcleod
Interestingly, my malware and adblocking lists (via pfblocker-ng) have
blacklisted this site as a known bad site!

------
viraptor
For origins, see bofh excuses:
[http://pages.cs.wisc.edu/~ballard/bofh/bofhserver.pl](http://pages.cs.wisc.edu/~ballard/bofh/bofhserver.pl)

------
smitty1e
"Upskilled our cafeteria staff" is the phrase of the day. Use liberally.

------
tr4cker
Just TY!

------
accidentaldev
funny how this site is not https

~~~
numlock86
Other than the increased CO2 footprint what would - in this particular case -
be the benefit?

~~~
bladewolf47
Genuinely curious, by what proportion does it increase CO2 footprint by? Tried
searching online but couldn't find anything.

~~~
m0xte
TLS takes considerably more watts of power on the basis it actually does more
work and shuffles more electrons around the CPU. I suppose that loosely
converts into carbon footprint.

However even if it is an issue, most sites sending 6 meg of JavaScript crap
down that gets recompiled on every visitor’s machine, autoplaying videos and
advertising would be doing more damage. So if anyone is going to complain they
should probably start there...

------
eitland
I think the idea is that if you refresh the page you get another random
excuse.

It is a bit silly but as someone who cares about security, almost everything
that helps to bring attention to the widespread problems this industry has
with security is good, even if it is a bit silly.

------
badrabbit
Why on earth did this make it to the front page? What a silly site.

"Haha some company got breached and they made decisions I consider a mistake.
Haha they hired a CISSP, how lame."

How marvelously retarded. How about demonstrating some understanding of the
complexities and difficulties involved in securing any large corporation? How
about suggesting some solutions?

I can tell you one problem clearly: Management and C-suite do not get
clear, useful and actionable security risk analysis _with_ what practical
solutions exist. I can also tell you idiots who communicate this way are worse
than actual hackers trying to breach companies.

Of course there is a bigger problem of legal accountability which is a law
making and voter education problem.

Oh and regarding CISSPs, do you have any idea how hard it is to hire people
that know their tradecraft? Even for a decent salary and benefits and
schedule? Very difficult if you're not a Fortune 100! Would OSCP impress you?
Wth is a guy who only knows pentesting worth unless you're hiring for a
pentester? Heck, a CISSP that can't even code but understands security
threats/risk and can communicate is worth 20 OSCPs for most orgs!

~~~
throwaheyy
It's a joke site, it generates random excuses for data breaches.

~~~
sundvor
It's more funny because it's so often true.

Just like how many people get a dashcam _after_ a crash, organisations tend to
get serious _after_ the breach.

~~~
eitland
> Just like how many people get a dashcam after a crash, organisations tend to
> get serious after the breach.

To the degree that they get serious that is. As far as I can see a big part of
the joke here is that even that is questionable.

~~~
lightedman
The part I liked is the idea that "We take your privacy and security
seriously" is literally the "Thoughts and Prayers" of the data industry.

~~~
badrabbit
What's wrong with either one?

Ok, they claim to take security and privacy seriously, so what?? It's a freaking
company! Would you prefer a thoughtful post on medium that uses simple
language like "we were wrong and we accept full responsibility, here is what we
learned..."? How about no response at all, is one owed to you?

Shouldn't they take privacy and security seriously? How is claiming to do so
by itself a wrong? How are thoughts and prayers wrong? How are declarations of
good intent mutually exclusive to meaningful action?

