this post was submitted on 10 Feb 2025
47 points (98.0% liked)

Cybersecurity

6435 readers
9 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 3 weeks ago (5 children)

The outage occurred yesterday when an employee responded to an abuse report about a phishing URL in Cloudflare's R2 platform. However, instead of blocking the specific endpoint, the employee mistakenly turned off the entire R2 Gateway service.

Oopsies

[–] [email protected] 9 points 3 weeks ago (4 children)

Why tf did this employee have the permissions to turn off the entire service? If their job is responding to abuse reports, they do not need that level of privilege.

[–] [email protected] 5 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

It's entirely possible the employee had more than one hat and was dabbling in customer service that day. it's not unheard of in the IT field for the buckets to mix when demand states it. Being said the better question is how you could mistake a shutdown/deactivate button as an apply button

apperently cloudflare thought the same as they removed the button from the panel the employee used lmao

[–] [email protected] 2 points 3 weeks ago

And even then, there should be an approval workflow to at least have one more set of eyes review the change before it’s implemented.

load more comments (2 replies)
load more comments (2 replies)