One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the "unnecessary" USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

[-] Hogger85b@kbin.social 89 points 1 year ago

Set the automatic timeout for admin accounts to 15 minutes... meaning that for a process that may take an hour or so you have to wiggle the mouse or it logs out... not locks... logs out.

From installs to copying log files, to moving data to reassigning owner of data to the service account.

[-] chiliedogg@lemmy.world 53 points 1 year ago

And that's why people use mouse jigglers and keep their computers unlocked 24/7.

[-] fat_stig@lemmy.world 9 points 1 year ago

Mine was removed by Corporate IT, along with a bunch of other open source stuff that made my life bearable.

Also I spent 5 months with our cyber security guys to try and provide a simple file replication server for my team working in a remote office with shit internet connectivity. I gave up, the spooks put up a solid defense, push all the onerous IT security compliance checking onto my desk instead of taking control.

Not as bad as my previous company though, outsourced IT support to ATOS was a nightmare.

[-] Aceticon@lemmy.world 9 points 1 year ago* (last edited 1 year ago)

It's reasonably easy to make a hardware mouse wiggler with an Arduino Micro (and I don't mean something that physically moves a mouse, rather something that looks like a USB mouse to the computer and periodically sends mouse movement messages).

If you're desperate enough, look it up as it's quite simple so there should be step by step instructions out there.

[-] drudoo@lemmy.world 5 points 1 year ago

Absolutely love my Uno keyboard for this https://keyhive.xyz/shop/uno-single-key-keyboard

Got like 6 commands on a single key and one of them is to press shift every 30 seconds so my computer doesn't lock. Lifesaver.

[-] Aceticon@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

Yeah, it's surprisingly simple to get these microcontrollers to become essentially programmable keyboard/mouse emulators, by which point if you're familiar with the stuff to program them (Arduino being the simplest and most widespread framework) it really just becomes a coding task and you can get it to do crazy stuff.

I suggested an Arduino Micro board because it bypasses the whole hardware side of the problem, but something like what you mention is even simpler.

[-] glue_snorter@lemmy.sdfeu.org 1 points 1 year ago

I used a Sidewinder keyboard for years with programmable macros.

Yeah, I had my password as a macro.

Dick move on my part as the macro, I'm fairly sure, is stored in plaintext on the PC. But the convenience was great. I don't do that any more.

[-] steal_your_face@lemmy.ml 4 points 1 year ago* (last edited 1 year ago)

Can also just buy one from Amazon if you’re lazy or not technically inclined.

[-] Aceticon@lemmy.world 3 points 1 year ago

Well, my off the cuff suggestion was what seems simple to me in this domain ;)

That said I get what you mean and agree.

[-] FooBarrington@lemmy.world 5 points 1 year ago

That's why you buy a jiggler that you place your mouse onto. Not detectable by IT :)

[-] fat_stig@lemmy.world 5 points 1 year ago

After mine was disabled, I found that if I run videos of old meetings or training onscreen, it keeps the system alive...

Works nicely when I'm WFH.

[-] lightnsfw@reddthat.com 5 points 1 year ago

I set my pocket knife on the ctrl key when I have to step away.

[-] Krudler@lemmy.world 6 points 1 year ago

Ahhh the old "level up an RPG Skill by jamming a pen cap into a key and going to watch Night Court reruns" method.

Thanks, I actually didn't know holding CTRL would keep the system awake!

[-] FooBarrington@lemmy.world 5 points 1 year ago

Does that keep your status in Teams as "online"? That's what I use the jiggler for - if I'm waiting for CI tests which take 30+ minutes and I sit in front of the laptop, I don't want to have to manually jiggle my mouse every couple of minutes just to keep my status.

[-] lazylion_ca@lemmy.ca 3 points 1 year ago
[-] lightnsfw@reddthat.com 3 points 1 year ago* (last edited 1 year ago)

Idk about every application but it keeps windows from timing out which serves most purposes for me.

[-] 0xD@infosec.pub 2 points 1 year ago

The internal IT at that hellhole is a nightmare as well.

[-] netburnr@lemmy.world 15 points 1 year ago

There is no compliance item I am aware of that has that requirement, some CISO needs to learn to read.

[-] Hobo@lemmy.world 11 points 1 year ago

Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.

The other thing that tends to get overlooked is that AC-12 lets you set it to whatever the heck you want. So you could theoretically set it to 99999 years by policy if you wanted.

https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243

this post was submitted on 23 Oct 2023