The main suspicion continued to be malware until last week when Okta publicized the issues it was facing with a number of its customers, including 1Password. "Based on an analysis of how the file was created and uploaded, Okta's use of TLS and HSTS, and the prior use of the same browser to access Okta, it is believed that there was no window in which this data could have been exposed to the Wi-Fi network, or otherwise subject to interception." Finally, the IT staffer's macOS machine was scanned for malware but showed no sign of any nasty activity, neither on their machine nor on their user accounts. Then attention turned to the 1Password IT worker who uploaded the HAR file over a public Wi-Fi network at a hotel, but this avenue also proved fruitless. Initial investigations focused on Okta's side but logs revealed that the attackers' actions all occurred before the Okta support agent accessed the HAR file, eliminating the possibility of there being a rogue support staffer. Originally, there was some confusion over how this was carried out. "This was confirmed by IT creating a HAR file, and Security using Burp Suite to force the browser to use the session cookies captured in the HAR file to reproduce the events of the incident."