
At Amazon you're encouraged (and expected) to escalate early and escalate often. Amazon security did its job very well.

>"The real security incident here is how did the intercept learn of that ticket as that should really be classified."

Looks like someone from the security or PR departments took a picture of the ticket with their cellphone and sent them to the reporter.

Security tickets are immediately encrypted and locked down. Only a few members have access typically: The person who opened the ticket, anyone with a need-to-know, and people on the IR team. Even director-level employees need to be manually added to security-related tickets to have view permissions.



> At Amazon you're encouraged (and expected) to escalate early and escalate often

One of the many reasons I’d never want to work there


Maybe I'm missing something, but why is escalating early and often a bad idea? Isn't that just part of being a responsible adult?


Hahaha I'm sure most companies wouldn't want you either. If my code is broken I want to know ASAP.


At least takes like theirs are why people in cybersecurity can easily find jobs.


Huh? This is a good thing. This is how security teams should be operating...


> Looks like someone from the security or PR departments took a picture of the ticket with their cellphone and sent them to the reporter.

Out of those two groups, Occam's razor implicates the one with a vested interest in currying favor with reporters.


This is a bad take.


Based on the argument given, looks like a fair take to me.


Someone else in this discussion says this ticket was not locked down (https://news.ycombinator.com/item?id=26626369). How do you know that someone from the security or PR department took a picture? It seems much more likely this is typical left leaning employee activism that is prevalent at tech companies.


1.) I never bothered to look up the ticket on the Amazon internal ticketing system. Given what the reporter alleged (i.e. that it was handled by someone from Amazon Security), I presumed it would take the standard security-related ticket handling procedures.

I obviously wouldn't look in internal ticketing systems and THEN post my findings to a public forum like HN. For obvious reasons.

2.) > "It seems much more likely this is typical left leaning employee activism that is prevalent at tech companies."

If standard security ticket procedures were followed, it would have been locked down to the security team and the impacted team (i.e. PR/social media).

The comment that it 'seems much more likely that this is typical left leaning employee activism' implies that there aren't left-leaning or activists within the security or PR departments. Which if you believe that... lul...



