• sylver_dragon@lemmy.world
    1 day ago

    I understand your desire to be charitable or tempered, but this isn’t some random schmuck who made an oopsie and reused a password from a previous database hack.

    And nothing we know shows that he did that. Sure, he could have, and maybe he is that bad at security. The whole article is based on the supposition that he is reusing passwords. With no proof provided. If there’s some evidence, then sure, burn the witch. Otherwise, it’s just baseless supposition.

    This idiot has his dumb fingers in vital government systems, and the fact that he didn’t clean up his security profile before wreaking havoc says a lot about his ability to do his job safely.

    There isn’t anything he could have done about past breaches. As I said, my email is still in the HaveIBeenPwned database, not because I didn’t clean up anything, but because I can’t clean up anything. Once those creds have been published, they stay published forever. The only thing you can do is rotate any affected passwords and move on with life.

    And yes, the obvious failures on the DOGE website do speak to poor coding practices. I wouldn’t hire the guy to code anything, but I still think the article is just over-the-top muckraking trying to turn breached credentials into a story which really isn’t there.

    • Telorand@reddthat.com
      1 day ago

      When was the last time you heard about a vibe coder with unfettered access to government systems getting hacked? Probably never, because the government used to try its best to ensure security policy was followed. But Trump and Elon come along, and all of a sudden, secure info is leaked everywhere.

      I understand your desire to remain skeptical and demand evidence, I do, but I think you’re just throwing your pearls before swine at the end of the day in doing so.