Comment by lukan
1 day ago
If you need the data, you cannot have it air gapped. And if it is air gapped, it is still easy to make misstakes.
1 day ago
If you need the data, you cannot have it air gapped. And if it is air gapped, it is still easy to make misstakes.
"misstakes", love it, almost peotic
> it is still easy to make misstakes.
That's not an excuse though, any system handling data like that should be continuously reviewed and pentested by professionals. Hopefully they can show that this has been done otherwise it's just negligence.
It was mainly an explanation, that "airgapping" does not magically provides better security, or is required (or possible) to use at all here.
And it's pretty clear to me that they were criticizing storage of sensitive data in a database that isn't properly secured and they simply misused the term "airgapped". The database in question was easily accessible from poorly maintained development infrastructure.
> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize
Imagine if the bank took such a cavalier attitude with the contents of my account.