A lot of hacking is actually social engineering. It's not hard to get a tech-illiterate person to give up their password, and that's the softest target for an attack.
I prefer the old “drop a usb in the parking lot”
Be sure to put a label on it that says "secrets!"
Nowadays you'd probably be more likely to get a hit by putting an "Anime titties" label on the drive
Why would you drop a drive full of world news?
I'm interested.
Just put the CEO's name on it and a very recent date. They'll be dying to know what secret information the CEO was carrying around.
I prefer a label that says, "Warning: USB stick contains scary virus. Do not plug into a computer"
Or even jaded tech savvy people. I work in IT and there have been a number of times that I have witnessed or heard about people who know better causing an incident because they're burnt out or irate.
"Wait a second...I don't give a shit about this company."
This seems like there is an idea for a joke or a comic here somewhere...
Happy employees are less likely to be socially engineered? Wow shocker
That's a good point! I like the way you think! What is your password?
It's *******, what's yours?
Edit: that's cool, Lemmy blocks it out!
Ah, cool, let me try:
iWantToSuckFrozengyro'sToes69
Hacker voice: "I'm in"
Looks at overly complicated industry software he's never even heard of before
"I'm out"
"Looks like these guys have already been hit with ransomware."
So SAP.
Wait, I have an idea! Yes, just as I thought, I can overlay their proprietary operating system with this fancy looking graphical interface that resembles nothing and gain full control of their system. I'm back in!
We have these obligatory online seminars about web security /privacy at work.
Turns out that for some reason, with Privacy Badger enabled, they appear as "passed" instantly. I never saw a single second of these endless seminars.
I tried to tell the IT guy but he couldn't care less and I suspect he didn't even know what Privacy Badger actually is
"Working as intended" - the dev who loves Privacy Badger.
Or maybe he feels that these seminars are for people who don't use things like privacy badger.
It seems like you don't need Training then (:
Its like the only accurate part of hackers
And sadly, hackers is like the most accurate hacking in any movie.
(Opens DOS, frantically types)
“Heh. I was able to SSH right into their jpg with nothing but an Ethernet cable and router grease.”
router grease
I don’t think that’s what you think it is sir carefully hides tissues
We get fake phishing emails that are actually from IT and if we don't recognize and report them, we get a talking-to. It's a good way of keeping employees vigilant.
A friend (who actually works in IT) apparently has a good system at his company. It actually automates turning real phishing attempts into internal tests. It effectively replaces links etc and sends it onwards. If the user actually clicks through, their account is immediately locked. It requires them to contact IT to unlock it again, often accompanied by additional training.
My last company did this. They'd also send out surveys and training from addresses I didn't recognize, so I'd report those, too, only to be told they were legit 😂
I send supervisor emails about stuff I'm not gonna do to my spam folder as well.....
"Did you get the email?"
"Nope, sorry, it looked a little suspicious so I didn't open and sent it to spam.."
Nah, this isn't cool. Fuck the company, but this will fuck over the users more than anyone.
If company does not give a crap about employee then they don't about customer
companies care about money everything else is means for the purpes
"I wonder why they'd need my 2FA too, but oh, well... "
You get a duo push! And you get a duo push! ...
I might care if they paid me a living wage.
I’m all for acting your wage, but I don’t want to make victims of anyone who is interacting with my company simply because I was feeling spiteful. The company will be fine, the tons of people who just had their information leaked are the ones who are truly inconvenienced and may face financial repercussions later on when their information is distributed. Just something to consider
A good portion of the movie Hackers was social engineering. That's how Mitnick got into a lot of systems as well. Why search for vulnerabilities in apps when people are much easier to manipulate.
HACK THE PLANET
I wonder if that's how my old job had 780 gb of source stolen though social engineering.
780 gb of source code? Sounds a bit overengineered, I bet that was hard to audit for security flaws
If there's 780 gb of source code, I doubt anyone there has the wherewithall to do security audits
Comic Strips is a community for those who love comic stories.
😇 Be Nice!
🏘️ Community Standards
🧬 Keep it Real
📽️ Credit Where Credit is Due
📋 Post Formatting
📬 Post Frequency/SPAM
🏴☠️ Internationalization (i18n)
Sí, por favor [Spanish/Español]🍿 Moderation
The following artists are banned from the community.
It should be noted that when you make reports, it is your responsibility to provide rational reasoning why something should be removed. Saying it simply breaks community rules is not always good enough.
Note: This is not a rule, but a helpful suggestion.
When posting images, you should strive to add alt-text for screen readers to use to describe the image you're posting:
Another helpful thing to do is to provide a transcription of the text in your images, as well as brief descriptions of what's going on. (example)