even with everything, given the norms of lock files for even the most basic of w... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rtpg on Dec 1, 2022 \| parent \| context \| favorite \| on: Lastpass Security Incident even with everything, given the norms of lock files for even the most basic of web apps, you're still at "need to roll out a client update". Now that's not to say that something can't be sneaked into other work! But the bar is a bit higher than "take over a dependency"

cokeandpepsi on Dec 1, 2022 [–]

that's what happend to solarwinds, it out worked pretty well for the hackers there

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact