Robin DeRosaMar 6
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
Show threadPaul_IPv6Mar 6

@actualham

i was working for a large corporation during a time they were going through the due diligence for a merger. since both companies were publicly traded, there were some very strict SEC rules about access to the info from both companies.

in order for me to see said documents to do the techical review, it required that i used only windows explorer, disable all ad blockers, all security features, and authenticate over an insecure web link.

yay for security...

Show threadPseudo NymMar 6

@paul_ipv6 @actualham

Same as it ever was. Same as it ever was.

As part of #infosec, I weep when I see stuff like this and the training class.

The unauthenticated emails from 3rd party platforms that HR uses to inform employees of legit business stuff, the surveys, all of it.

And they wonder why BEC (business email compromise) keeps happening when the bad guys send a legit looking "We changed our bank account, please update this routing number" email to Accounts Payable.

Show threadMoz

@pseudonym @paul_ipv6 @actualham for a while I had a mortgage with a bank that primarily communicated via a generic bulk email provider that obfuscated links in emails.

So I'd get "Important notice about your loan" from nsw6252.salesmail-au.com and every URL was to ...cliktrak.org

They could not understand how this was problematic. "just click the link"

Mar 6 at 10:24pmWeb