One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

  • @Rooty
    link
    41 year ago

    Again, how is the attacker going to see a piece of paper that is stuck to the side of the screen? This rule makes sense in high traffic areas, but in a private persons home? The attacker would also need to be a burglar.

    • @KrudlerOP
      link
      English
      21 year ago

      It seems that some people are having trouble following the conversation and a basic stream of topical logic.

      The initial premise was that somebody could see your passwords by pwning your machine… And using that to… Turn on webcam so they could steal your password so they could… pwn your machine?

      Lol

      • @Hobo
        link
        -21 year ago

        Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.

        They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.

        Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?

        • @KrudlerOP
          link
          English
          11 year ago

          deleted by creator

        • @KrudlerOP
          link
          English
          11 year ago

          deleted by creator

        • @KrudlerOP
          link
          English
          11 year ago

          Would you just stop.

          • @Hobo
            link
            11 year ago

            I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you.

    • @KrudlerOP
      link
      English
      11 year ago

      deleted by creator

    • @KrudlerOP
      link
      English
      11 year ago

      deleted by creator