Discussion (15 Comments)
Capitalize that “w”, and you’ve got a password that will pass most PWD policies. Why do they think it was “winter2023!” to begin with? In 90 days when the PWD expires, well, it will be spring of the next year, so…
The better idea is to require passwords with some real entropy, and get rid of expiring passwords. It’s not 1999 anymore.
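An added illustration of this comment's point (example code, not from the thread or any project): a naive complexity rule accepts "Winter2023!", while a guess-count estimate that recognises the "calendar word + year + symbol" pattern scores it at only about 15 bits. The word list, the 30-year guess range and the 40-bit threshold are constructed assumptions.

```python
import math
import re
import string

# Constructed word list: the words a cracker's rule set tries first in
# the "Word + 4-digit year + symbol" pattern (seasons and months only).
CALENDAR_WORDS = {"spring", "summer", "autumn", "fall", "winter",
                  "january", "february", "march", "april", "may", "june",
                  "july", "august", "september", "october", "november",
                  "december"}
YEARS_TRIED = 30                                   # assumption: ~30 plausible years
SYMBOL_CHOICES = len(string.punctuation) + 1       # one trailing symbol, or none

_PATTERN = re.compile(r"([A-Za-z]+)(\d{4})([" + re.escape(string.punctuation) + "])?")


def naive_policy_ok(pw: str) -> bool:
    """The usual 'complexity' rule: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def guess_bits(pw: str) -> float:
    """log2 of the guesses needed. A calendar word + year + optional symbol is
    scored as the product of its small choice spaces (word, capitalisation,
    year, symbol); anything else gets a crude 'random draw from the character
    pool actually used' estimate, which is an upper bound, not a guarantee."""
    m = _PATTERN.fullmatch(pw)
    if m and m.group(1).lower() in CALENDAR_WORDS:
        guesses = len(CALENDAR_WORDS) * 2 * YEARS_TRIED * SYMBOL_CHOICES
        return math.log2(guesses)
    classes = ((26, str.islower), (26, str.isupper), (10, str.isdigit),
               (len(string.punctuation), lambda c: c in string.punctuation))
    pool = sum(size for size, pred in classes if any(pred(c) for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def entropy_policy_ok(pw: str, min_bits: float = 40.0) -> bool:
    """Policy based on estimated guess count instead of character classes."""
    return guess_bits(pw) >= min_bits


if __name__ == "__main__":
    for candidate in ("winter2023!", "Winter2023!", "kT9#vQ2pLm7!xZ"):
        print(f"{candidate:16} naive={naive_policy_ok(candidate)!s:5} "
              f"bits={guess_bits(candidate):5.1f} entropy={entropy_policy_ok(candidate)}")
```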
2. Read until you find a sentence that you like.
3. Use it as your password
My password is now password
Nobody wants the risk of getting locked out because of Apple and Google's walled garden bullshit
Be nice to them and they'll be nice to you back.
Bad take - the actual problem is that there was a trusted network in the first place. This kind of network access control is trivial to bypass, and trusted devices can get compromised.
A guest device connected to the ethernet port in the conference room has the same access as a device connected to the guest wifi, a staff laptop has its usual access.
My company sent an internal phishing test last week. Several people immediately reported it to a cybersecurity engineer and posted about it in Slack, saying they were surprised that such a sophisticated phishing attack was happening.
I too was surprised - Google is usually much better about catching these kinds of things in the Gmail filter before they get through. Oh well, sometimes one slips through. Reported it and moved on.
Come to learn that the only reason it made it through is because we let it through _on purpose_.
By analogy to these red team attacks: _theoretically_ someone could rent a car, pose as an employee, and set up a Raspberry Pi in the network.
But who would go to all that trouble?
Theoretically, someone could craft a perfect phishing attack, but who would go to all that trouble? Spray-and-pray, low precision, high surface area, attacks are the ones I end up reading about.
The only reason this attack vector was open is because the red team stood to gain a massive benefit from succeeding in the attack. What real-world actor would go to the trouble and stand to benefit as much?