{"id":18109,"date":"2017-06-04T21:02:56","date_gmt":"2017-06-05T01:02:56","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=18109"},"modified":"2017-06-04T21:02:56","modified_gmt":"2017-06-05T01:02:56","slug":"hacker-hack-thyself","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2017\/06\/04\/hacker-hack-thyself\/","title":{"rendered":"Hacker, Hack Thyself"},"content":{"rendered":"<p><a href=\"https:\/\/blog.codinghorror.com\/hacker-hack-thyself\/\">Jeff Atwood<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=14468362\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/blog.codinghorror.com\/hacker-hack-thyself\/\">\n<p>The name of the security game is defense in depth, so all these hardening steps help &#8230; but we still need to assume that Internet Bad Guys will somehow get a copy of your database. And then what? Well, what's in the database?<\/p><p>[&#8230;]<\/p>\n<p>After this exercise, I now have a much deeper understanding of our worst case security scenario, a database compromise combined with a professional offline password hashing attack. I can also more confidently recommend and stand behind our engineering work in making Discourse secure for everyone. So if, like me, you&rsquo;re not entirely sure you are doing things securely, it&rsquo;s time to put those assumptions to the test. Don&rsquo;t wait around for hackers to attack you &mdash; hacker, hack thyself!<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Jeff Atwood (Hacker News): The name of the security game is defense in depth, so all these hardening steps help &#8230; but we still need to assume that Internet Bad Guys will somehow get a copy of your database. And then what? Well, what's in the database?[&#8230;] After this exercise, I now have a much [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[321,981,48,96],"class_list":["post-18109","post","type-post","status-publish","format-standard","hentry","category-technology","tag-discourse","tag-passwords","tag-security","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/18109","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=18109"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/18109\/revisions"}],"predecessor-version":[{"id":18110,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/18109\/revisions\/18110"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=18109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=18109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=18109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}