this post was submitted on 30 Dec 2024
195 points (100.0% liked)

[–] Deadend@hexbear.net 93 points 1 week ago (3 children)

It’s not an intern. A major company at Ford’s scale does not let an intern post.

It’s likely an unauthorized access. Ford has a lot of IT security, but it’s the kind of security that is so secure, it becomes insecure (many passwords, very frequent password updates, which lead to people just writing the passwords down).

[–] Ambiwar@hexbear.net 37 points 1 week ago (1 children)

Are you saying the incoherent ramblings of my phone notes app could be compromised?

[–] Deadend@hexbear.net 29 points 1 week ago (1 children)

I can’t say for sure. Please post screenshots and I’ll let you know.

But it is a real security issue, where the org has such a strict policy on ALL users to maintain a high level of security hygiene that it’s impossible to keep up with while doing normal work. It’s why there is such a big push for SSO systems/portals, as that way you can have 99% of users be kind of dumb - as long as they use your company portal, they should be good - and a smaller team focused on the security of that portal and looking for odd login actions per user.

[–] invalidusernamelol@hexbear.net 13 points 1 week ago (1 children)

Requiring rotating key/authenticator access for remote work and allowing users to come up with a solid terminal password on local access is pretty good.

That way all local connections can be verified and remote logins have the extra security layer.

That being said, if a privileged user manages to compromise their local work machine it's all fucked.

[–] Deadend@hexbear.net 2 points 6 days ago (1 children)

That’s where security experts who are checking for things to go bad come in.

Making everyone a security expert + doing their job is some uphill ice skating.

[–] invalidusernamelol@hexbear.net 2 points 6 days ago (1 children)

A good bet is to open a dummy ssh port that no one should ever connect to, then immediately add any IP that tries to connect to it to a blacklist.

At the end of the day every security measure can be bypassed, you just need to be prepared for that inevitability.
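
The decoy-port idea from the comment above, sketched as an added example that is not part of the thread: a listener on a port nothing legitimate uses, which records every peer that completes a TCP connection. The class name `DecoyPort`, port 2222 and the allowlisted range are assumptions made for illustration.

```python
import ipaddress
import socket


class DecoyPort:
    """TCP listener on a port no legitimate client uses; peers that connect get listed."""

    def __init__(self, host="127.0.0.1", port=0, allowlist=()):
        # Allowlisted networks (admin ranges, scanners you run) are never blocked,
        # so a fat-fingered connection cannot lock out your own staff.
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.blocked = set()
        self.sock = socket.create_server((host, port))  # port=0: OS picks one
        self.port = self.sock.getsockname()[1]

    def record(self, ip):
        """Add ip to the blocklist unless allowlisted; return True if it was added."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allow):
            return False
        self.blocked.add(str(addr))
        return True

    def serve(self, max_conns=None):
        """Accept connections, drop them at once, record the peer address."""
        handled = 0
        while max_conns is None or handled < max_conns:
            conn, peer = self.sock.accept()
            conn.close()  # never speak a protocol to the peer
            if self.record(peer[0]):
                print(f"decoy port {self.port}: blocklisted {peer[0]}")
            handled += 1

    def close(self):
        self.sock.close()


if __name__ == "__main__":
    # Constructed values: port 2222 and the 10.0.0.0/8 admin range are placeholders.
    DecoyPort("0.0.0.0", 2222, allowlist=["10.0.0.0/8"]).serve()
```

The `blocked` set still has to be fed to whatever firewall enforces it, and entries should expire, since addresses behind NAT or a dynamic pool get reassigned to unrelated users.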

[–] Deadend@hexbear.net 2 points 6 days ago

Locks are based on time/difficulty/detectability in the real world. The goal is “can’t break in without getting caught.”

It’s all a balance between risk/security and actually being useful.

[–] Dessa@hexbear.net 17 points 1 week ago

I work for a company with that sort of security. It's infuriating and many people miss hours of work because they need IT's help to get back in every time there's a password change.

[–] peeonyou@hexbear.net 7 points 1 week ago (1 children)
[–] Deadend@hexbear.net 4 points 1 week ago (1 children)
[–] peeonyou@hexbear.net 4 points 1 week ago

you hacked them then?