this post was submitted on 07 Jun 2024
199 points (96.7% liked)
Asklemmy
43944 readers
876 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy 🔍
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
This is (presumably) people's personal health care information. Please don't fucking do this, Jesus Christ.
If not just because it's a really shitty thing to do, I'm pretty sure it's also at least one felony.
Then compromise the machine yourself without stealing personal data from unrelated people.
Then he gets fired for hacking. And possibly winds up arrested for illegal activity.
It's a stupid idea.
Just send the boss an email that says what they spoke about verbally. That way if the system does get hacked, the guy has a paper trail to cover his own ass to show he told the boss.
He is a security advisor for their IT infrastructure, he will not get caught lol
lol said every individual who went to court. “I didn’t think I would get caught”.
Yes, but if any individual would fly a plane, I wouldn't be to shocked when most of them crash, but when a pilot is flying one, I'd expect him to land safely.
You understand that legally speaking this is approximately the same thing as telling your boss that the front door isn't strong and thieves could easily kick it in, and then when they refuse to fix it, the response you're suggesting is "show up at 3 am and take a sledgehammer to the door, but just dont steal anything from inside" right?
The point is to cover your ass, not pull your pants down.
The point is to get him to switch so you have peace in your network and don't have to handle the shit show when someone else does it.
Yes I understand the intention, but in one of these scenario's I've covered my ass legally and if something happens where the company gets ransomware for example, I likely get paid thousands of dollars in overtime restoring backups and the user ends up updating anyway, and in the other I can go to prison, lose my job, and never be able to use my time at that company as a reference on a resume let alone probably easily get a job again because now I have a criminal record.
I know this because I have lived scenario A probably 6 times in my life.
I know, I live those scenarios too, I said let some 4chan degenerate do the dirty work, get paid for fixing it and get your network in check - if you morally can't handle that situation because of the data, then do it yourself and you can ensure that your boundaries are not crossed.
Free pro tip: If you do it yourself, you still get paid to fix it ;D
Yea I don't trust the opsec of some random 4chan user to cover their tracks and therefore mine in that scenario.
I'll just take the option that guarantees I can't go to jail and ruin my entire fucking life lol.
How is the opsec from some 4chan degenerate having impact on your opsec? Only correct answer is, because you have bad opsec.
Hmmm yes I suppose that is true.
Nonetheless I'll always opt for the course of action that has the smallest potential negative impact on my personal life.
Well for a security professional, it should not be such a big deal.
My counterpoint to that is that if you're a good security professional, you wouldn't take such risks because your entire job revolves around mitigating risks.
If you break into a network, or have someone do it for you, it's very difficult to completely remove all evidence of that having occurred, and because there's just so many variables, there will always be a non-zero percent chance of it being traced back to you.
Your company can hire an entire security firm of security professionals to look for this evidence. I don't care who someone is or how good they are at their job, very few people, unless they have narcissistic personality disorder, would trust that their individual skill completely outweighs the combined skill of an entire team of people who do that every day as their occupation.
Furthermore, taking such extreme risks with ones future just screams that they have some mental problem which they should probably be talking to a professional about, because a typical person would consider taking any risk of being imprisoned for years for computer crimes too big of a risk.
With this argumentation, you could argue that a good security professional is not leaving the house, because the risk of something dangerous happening is definitely lower if he stays inside.
Comparing the allegory of my argument to yours, there is a very wide breadth between not going outside because something bad might happen and going outside and setting your cars driver seat on fire to show your wife that someone could potentially set your entire car on fire, leading to your wife calling the police, the police checking your neighbors security camera you didnt even realize existed to notice that you set the drivers seat on fire, and then charging you with mischief, arson, and public endangerment.