Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The one thing in terms of security that is even a blip on my radar is that slack does not encrypt data at rest (disks). [1](https://twitter.com/slackhq/status/467476452364279808)

Their reason that they couldn't search through data if it were encrypted is not true. They are using AWS, and can simply use EBS encrypted volumes (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryp...). Should be an easy flag to turn on.



The only thing that's on your radar. Do you speak for everyone else's needs or interests?


Not sure what exactly that buys in terms of security.

Both Slack and Amazon can steal all the data without being detected, regardless of whether the servers are encrypting it or not, since if the server can decrypt it, so can Amazon (just scan VM memory for the key from the hypervisor).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: