Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
infosec.space is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for info/cyber security-minded people. This instance blocks threads.net

Administered by:

Server stats:

50
active users

infosec.space: AboutPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-alpha.4+glitch

@douglevin see, this exact scenario [infosec.exchange] is why I act as "" and literally lockdown stuff so hard cant fuck up!

  • Unless you put that option on the table as a.fellot , you won't be able to survive this game.

I wasted 15+ years of my life trying to make somewhat secure to come to terms with the fact that ut's an that is / .

  • Believe me when I'd tell you that "" like her don't give a shit about what Hardware/OS they get: Just set her up once with a good config (i.e. if you're lazy like me), backup all the important stuff, setup regular backups, remove privilegues and then you'd only need to check in once a year at most if not have a system that just runs for the next 2-5 years without intervention.

On the flipside I've seen cases where |my Sales Reps were able to upsell some 5-digit 21,5" gaming monster to a photographer that uses ACDSee to do minimalist editing of their JPEGs.

At least I won't deal with or any of that shite because noone is gonna pay me enough to loose my sanity over such a garbage software!

And yes, WE, THE "TECH LITERATES" ARE TO BLAME FOR THIS because we didn't demand and before !!!

Infosec ExchangeDoug Levin (@douglevin@infosec.exchange)This weekend I spent half a day remediating an elderly relative's Win 11 home laptop. Totally overpowered and overpriced for her needs, it was recommended to her by BestBuy when her old machine was complaining it wasn't compatible with the new MS OS rollout :( Both her OS and primary email were compromised. The threat actor did not disable Defender but just excluded every important directory from scans. May have also punched a hole in her device firewall for all I could tell. Only reason she even knew an issue had occured was due to issues with her email. She stopped receiving any emails and we reached out upon recieving what appeared to be a phish from her account. (No link to click in initial message, but an invitation to a longer urgent conversation.) Turns out they just redirected her email to her outlook account email (which she didn't even know she had, but was generated as part of her Win 11 install). They created a new alias and added some other rules to auto-forward further comms. FWIW, the rogue device attached to her account was coming from a TX location - many states away from us. No 2FA, no adblocker, no password manager, no understanding of firewalls, what makes a password stronger vs weaker, confused by messages about actions that were computer/browser/OS related. But look. She's 80+. I only had a few hours to investigate and remediate. I can't change all that and expect her to manage it on her own. How the f*ck is it possible that an average user can manage this stuff? Why is Win such a trash fire? Can't MSFT make a default config for non-technical home users that is locked down by default? She has literally ZERO chance against threat actors on the modern web. We in tech have totally lost the plot... I am NOT looking for advice (just use Linux or w/e). I am venting about shit UI, shit tech co's pushing the next new crap tech for no other reason than $, and the state of the modern web.
Oct 08, 2024, 04:50 AM·Public
0boosts·1favorite
Explore
About