Hacker News new | past | comments | ask | show | jobs | submit login

Corporations also do this so they can scan traffic for data exfil.

Which is, tbqh, a useless solution. Oh wow, now an attacker just has to include some obfuscated javascript encryption lib. Bam. Exfil detection completely bypassed.

For example corporations might want to make sure that worker is not sending e-mails with confidential data from its gmail. Sophisticated thief surely will circumvent that kind of protection, but a lot of thieves are stupid, so simple measures actually work.

True, but Joe Dipseedoodle doesn't accidentally send out an HR report because he was logged into his personal email account.

Too much security is willing to give up on the 95% because they can't get the 100%.

Is that a new word I should know?

It's a shortened version of "exfiltration"

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact