And another thing


#1

This idiot says he “lives infosec”. Don’t come to me saying you live infosec, but don’t have the time to make something “more secure”. It takes 5 minutes to change the password for a Wi-Fi connection and the creds on the router config (admin/admin is not secure!). If you simply can’t take the time to do that, then you deserved to be hax0red, DOXed and get every “Cease and Desist” letter from Warner Bros.'s attorneys!


#2

I used to get upset at this, but now I'm like, “this is most people”. I've tried teaching them, they know better. So now I wait for them to come to me after they're victims. Meh. People. Natural selection is a cruel mistress, especially over the last year and the years coming up.

He is also probably not real infosec, and one of those show pony botters who “hack their careers”. I.e., they bot.


#3

But then don’t claim, “I’m Infosec!” and then proceed to tell me that you can’t be bothered to lock down your shit. That’s the first thing I do. Install updated firmware/software, change the defaults, let 'er fly. There are other things I change as well, just don’t feel the need to go into it here.


#4

I’m not gonna lie. I don’t always do that stuff. What’s the saying? “Shoemaker's kids never have shoes.”


#5

I don’t usually get upset. This guy just rubbed me the wrong way. I’ve worked hard to get where I am today and to have learned the things that I have regarding security, and to see this guy just nonchalantly dismiss something so simple…


#6

True. I don’t necessarily do ABSOLUTELY everything that could be done either. There’s just things that should be done, you know?


#7

Yeah, I get it. Unfortunately people fucking suck.


#8

Do non-IT people even know what infosec is? My point is, we are not even at that level yet, let alone teaching them that this is bad infosec. We first want them to understand there is a field, which is important to their lives, more so than most. It's called infosec.


#9

Honestly never thought about that… My guess would be no.

Interesting. I like that perspective. Never looked at it that way.


#10

Their only knowledge is “hackers break into computers to steal stuff” and viruses are something the IT guy worries about. They never sit down and think. What if the IT guy is the virus? :stuck_out_tongue:


#11

Which is the case substantially more often than not, sadly.


#12

More so now since EternalBlue got released. Now they are focused and targeted. It's one of the primary points in a company they target.
They don't target the CEO. They go after IT and finances. They know IT are easy to melissa exploits. I mean, we're talking about people who are not given the budgets they need, treated like dirt, but are meant to have more knowledge than a rocket scientist.

So, you wanna hit a company like Equifax? Send in a cute girl, she will pwn their IT in days. You now control the company at almost no cost.

Can't get IT through spearphishing with melissa, well, visit his family and install some WannaCry ransomware until the IT gives up. Do you really think the IT person, who is treated like crap by a company that does not understand his or her value, is not going to be one of the easiest targets out there?

Anyways, I don't trust IT anymore. I say this working in it. Mostly because I saw how many of us sold out.