- In an interview with TechCrunch, somebody said the MS engineer incident happened due to session token theft, aka phishing. Could MS engineers not use phishing-resistant solutions they sell to customers, such as FIDO2?

- Should there be disclosure requirements on cloud services, to avoid cloud providers routinely covering up breaches?

- Should there be a commonly accepted database of cloud vulnerabilities, so that providers can’t hide behind not issuing CVEs and wordsmithing?