Salesforce "Do as I say, not as I do."
Because of a security breach at Salesforce.com, my contact information got into the hands of a phisher. Salesforce sent out an email explaining it everyone. Some nice spinning here:
this intrusion did not stem from a security flaw in our application or database
No, it resulted from a security flaw in their policies and procedures. Social engineering attacks are just as real as breeching a fire wall. But later they advise me:
Modify your Salesforce implementation to activate IP range restrictions. This will allow users to access Salesforce only from your corporate network or VPN, thus providing a second factor of authentication.
If they had done that, this wouldn't have happened. But, they can sure advise me. Hmmm, that Sugar CRM run on my own site is beginning to look better and better.
Am I the only one who sees the irony in this?
Like your commetary. Funny thing about these security breaches is when ever you're on the receivin end of the breach (aka victim) somehow it's always your faualt. The organization providing the secure service, from banks to utility companies, to CRM providers are never ever culpable. I wonder why no one wants to be accountable? Isd it that difficult to deliver what is promised with competence? Hmmm, I wonder....
Posted by: BernieMac | 04 December 2007 at 07:12 AM