One chestnut from my history in lottery game development:
While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.
Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
Set the automatic timeout for admin accounts to 15 minutes…meaning that process that may take an hour or so you have to wiggle the mouse or it logs out …not locks… logs out
From installs to copying log files, to moving data to reassigning owner of data to the service account.
And that’s why people use mouse jigglers and keep their computers unlocked 24/7.
Mine was removed by Corporate IT, along with a bunch of other open source stuff that made my life bearable.
Also I spent 5 months with our cyber security guys to try and provide a simple file replication server for my team working in a remote office with shit internet connectivity. I gave up, the spooks put up a solid defense, push all the onerous IT security compliance checking onto my desk instead of taking control.
Not as bad as my previous company though, outsourced IT support to ATOS was a nightmare.
It’s reasonably easy to make a hardware mouse wiggler with an Arduino Micro (and I don’t mean something that physically moves a mouse, rather something that looks like a USB mouse to the computer and periodically sends mouse movement messages).
If you’re desperate enough, look it up as it’s quite simple so there should be step by step instructions out there.
Absolutely love my Uno keyboard for this https://keyhive.xyz/shop/uno-single-key-keyboard
Got like 6 commands on a single key and one of them is to press shift every 30seconds so my computer doesn’t lock. Lifesaver.
Yeah, it’s surprisingly simple to get these microcontrollers to become essentially programmable keyboard/mouse emulators, by which point if you’re familiar with the stuff to program them (Arduino being the simplest and most widespread framework) it really just becomes a coding task and you can get it to do crazy stuff.
I suggested an Arduino Micro board because it bypasses the whole hardware side of the problem, but something like what you mention is even simpler.
I used a Sidewinder keyboard for years with programmable macros.
Yeah, I had my password as a macro.
Dick move on my part as the macro, I’m fairly sure, is stored in plaintext on the PC. But the convenience was great. I don’t do that any more.
Can also just buy one from Amazon if you’re lazy or not technically inclined.
Well, my off the cuff suggestion was what seems simple to me in this domain ;)
That said I get what you mean and agree.
That’s why you buy a jiggler that you place your mouse onto. Not detectable by IT :)
After mine was disabled, I found that if I run videos of old meetings or training onscreen, it keeps the system alive…
Works nicely when I’m WFH.
I set my pocket knife on the ctrl key when I have to step away.
Ahhh the old “level up an RPG Skill by jamming a pen cap into a key and going to watch Night Court reruns” method.
Thanks, I actually didn’t know holding CTRL would keep the system awake!
Does that keep your status in Teams as “online”? That’s what I use the jiggler for - if I’m waiting for CI tests which take 30+ minutes and I sit in front of the laptop, I don’t want to have to manually jiggle my mouse every couple of minutes just to keep my status.
Yep
Awesome, thank you!
That works?
Idk about every application but it keeps windows from timing out which serves most purposes for me.
The internal IT at that hellhole is a nightmare as well.
deleted by creator
There is no compliance item I am aware of that has that requirement, some CISO needs to learn to read.
Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.
The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.
https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243