Wyrmlet
nixCraft π§enterprise grade security vs. human the weakest link in the chain π
bazkie π©πΌβπ» bitplanes π΅@nixCraft lol
it doesn't help that some bad operating systems hide the file extension.
nor that people are really fucking stupid lol
DigitalInfinity
Random Damage π»@DigitalInfinity @bazkie @nixCraft
Companies don't want to pay for skilled admins that know this is a reasonable thing to do (or even possible!)
Management failure
AndrΓ© van Schoubroeck
Petri Salmela
an actual bus
scotty86 πΊπ¦ποΈ@bazkie The targets don't even know, what a file extension is.
This "company" has no IT security, that's the problem. Security costs money and is invisible to the management.
Why the fuck does the mail server accept EXE?
Why the fuck has the mail client no filter?
Why the fuck are there no execution restrictions?
It's not the users fault.
@nixCraft
The Frog@nixCraft I still blame Windows for this one, not user error
sebsauvage@nixCraft
Well I guess "Thanks Windows for masking file extensions by default" ? π€·ββοΈ
Well I guess "Thanks Windows for masking file extensions by default" ? π€·ββοΈ
@sebsauvage @nixCraft And using the extension (that is the name of the file) to decide it is executable.
Dr. Sobek@sebsauvage @nixCraft Also Apple, though a .exe would not have worked on macs.
J4ck@nixCraft laugh
I'm not surprised. A few years ago I heard someone say, "My most successful attacks are still just poorly written powershells."
If users don't care, no amount of security will protect them.
marco_m_aus_f@jackryder @nixCraft It's not users job to care. It's IT's job to deliver secure systems. Do not blame users for Microsoft's inability to deliver.
wobweger 
@nixCraft
our biggest problem is in human shaming
especially in #CyS
no one asks why the systems are so badly designed and worse implemented forget about tested
any of the bait shall be filtered in the first place,
and nothing should happen when clicked
above all the need to know principle still exercised by many in #CyS keeps the good people in the dark and the dark people in front
who actually knows what happened at JLR no one, it's kept internal π€ͺ
our biggest problem is in human shaming
especially in #CyS
no one asks why the systems are so badly designed and worse implemented forget about tested
any of the bait shall be filtered in the first place,
and nothing should happen when clicked
above all the need to know principle still exercised by many in #CyS keeps the good people in the dark and the dark people in front
who actually knows what happened at JLR no one, it's kept internal π€ͺ
@nixCraft imagine a company email system that doesn't block executable attachments π€£
epicdemiologist@nixCraft "Everyone likes candy." --Tony, Lock In
Tor Iver Wilhelmsen@nixCraft People forget that Kevin Mitnick largely used social engineering - he was less hacking computers than hacking people. Because stuff like that works often enough.
The Psychotic Network Ferret
Ivan Tsenov π§π¬ πΊπ¦
Sylvia Osteen@nixCraft Far more people would have clicked on it if it had been called 2026_Salary_Decrease.
lbcp π¦ 
Flash Mob Of One@nixCraft That is some snappy social engineering right there.
Kristen
Glen T, heated, not stirred@nixCraft Cybersecurity once again blaming users for deficiencies in software. They should put the blame where it belongs: the operating system having an too-simple trust model for files.
LEdoian
Reid 
George B
Chris (Master of Potate) π₯@nixCraft These people are the reason that I constantly have to do stupid security trainings and get test phishing mails. It's so annoying but I guess it's needed. Even though I am not sure how well they even work.
Softspeak
VHG πͺπΊπΊπ¦@nixCraft addressing the lower instincts allways work, allways bypasses intellect.
MidgePhoto@nixCraft "incidence" response??
ShovelTrouble@nixCraft "IT Department, this is your fault! You're supposed to make sure we're not vulnerable to technology stuff! Now, go think about what you did wrong and how you could have prevented it, I have a cruise to go on."
Cliff'sEsportCorner@nixCraft if it was labeled salary reductions might get more engagement?
[HANDMAIDEN] xan@nixCraft i would simply not click on this because i know that salary increases are fake in this day and age
/usr/people/flexion
Vincent π»πͺπΊ en πΉβοΈ@nixCraft tbf incident response is βt incident prevention π
Zeki Γatav π€ β π―οΈπΆ
Ben AvelingI see a lot of people replying to this post who are confident that they would not have clicked on that pdf.
@nixCraft
@nixCraft
ββ (β β Λβ _β Λβ )β β alm10965 β’ 6Γπ@nixCraft salary_increase.pdf.exe what a sexy fileπ€ͺ
@nixCraft hmm "IR - wizards" rename the file from *.PDF.exe to *.PDF and can open an v-card of an Nigerian prince, with heritage - problems
Tobias πππ
H4Heights πͺπΊπ΅πΈπΊπ¦π¨π¦@nixCraft Many of these Cyber-security wonks are self-appointed. Aggressive grifters who have bamboozled skinflint senior mgt. into thinking they are needed. In reality they are gaslighting the users and blaming them for their own, and managements, clusterfucks.