|
Ulf posted:assuming you have a more real-time comm tool like slack or teams then you can just ignore email, you can just filter everything to trash and nobody will even notice or call you on it ime this is great except like two of our execs only ever communicate via email and when i have tried to message them on slack they never got back to me
|
#
?
Jun 21, 2022 18:23
|
|
|
|
| # ? Apr 26, 2024 21:14 |
|
|
Trabisnikof posted:the best is running a pishing campaign then chiding anyone who clicked for ever clicking on out of domain emails our new CISO is currently sending out emails demanding everyone download and install this software that is basically "zabbix + active directory but in the cloud for idiots who don't know how to use zabbix or active directory" in between the emails demanding everyone never ever click any links to download and install anything ever
|
|
#
?
Jun 21, 2022 18:27
|
|
|
Trabisnikof posted:the best is running a pishing campaign then chiding anyone who clicked for ever clicking on out of domain emails Luv2get emails for mandatory security training in an email I would 100% mash the "phishing" button on because they ended up being the lowest bidder or whatever other absurd rationale made them the choice.
|
|
#
?
Jun 21, 2022 18:28
|
|
|
Trabisnikof posted:the best is running a pishing campaign then chiding anyone who clicked for ever clicking on out of domain emails  levitating 2 feet above the ground. i am trying to get to the point where "oh I thought it was a phishing exercise" becomes an excuse for ignoring real requests sent via email
|
|
#
?
Jun 21, 2022 18:31
|
|
|
post hole digger posted:
already see where this is going, "THEN WHY DIDN'T YOU HIT THE BUTTON IN OUTLOOK THAT REPORTS THE EMAIL AS PHISHING HUH??"
|
|
#
?
Jun 21, 2022 18:35
|
|
|
post hole digger posted:
most emails should be ignored
|
|
#
?
Jun 21, 2022 18:40
|
|
|
post hole digger posted:
Lmao they're soooooo close to getting it.
|
|
#
?
Jun 21, 2022 18:50
|
|
|
post hole digger posted:
Not seeing the issue here.
|
|
#
?
Jun 21, 2022 18:59
|
|
|
I've been very fond of this email I got at work:quote:Hello <my first name>: Vanadium fucked around with this message at 19:09 on Jun 21, 2022 |
|
#
?
Jun 21, 2022 19:07
|
|
|
my work email has two folders: github notifications and everything else. i glance over "everything else" once every few days and then usually just hit mark all as read
|
|
#
?
Jun 21, 2022 19:29
|
|
|
Vanadium posted:I've been very fond of this email I got at work: 
|
|
#
?
Jun 21, 2022 19:54
|
|
|
Vanadium posted:I've been very fond of this email I got at work:  unrelated, i have been asked to give a presentation on IT security to a client at their company retreat next week. should be hilarious.
|
|
#
?
Jun 21, 2022 20:38
|
|
|
I just want simulated phishing to go away entirely. I don't want my staff to waste the mouse clicks in settings it up. User education seems to be less valuable every year. If the tech doesn't work, users aren't going to save you.
|
|
#
?
Jun 21, 2022 20:43
|
|
|
post hole digger posted:
and so it was by not touching phish that the student touched fish and became enlightened
|
|
#
?
Jun 21, 2022 20:44
|
|
|
Vanadium posted:I've been very fond of this email I got at work: lmao Sickening posted:I just want simulated phishing to go away entirely. I don't want my staff to waste the mouse clicks in settings it up. User education seems to be less valuable every year. If the tech doesn't work, users aren't going to save you. this is my feelings on the matter. i brought this up mostly wondering if anyone else felt the same
|
|
#
?
Jun 21, 2022 20:51
|
|
|
Sickening posted:I just want simulated phishing to go away entirely. I don't want my staff to waste the mouse clicks in settings it up. User education seems to be less valuable every year. If the tech doesn't work, users aren't going to save you. Our field trials ended up in zero deploys since we had absolute certainty that, no matter how many times our users got pranked, they would never learn to check the indicators for a phish mail. One of our users cryptolocked us three times in the same fiscal quarter and nothing was done about it, not even a stern email, so we have zero hopes on that front.
|
|
#
?
Jun 21, 2022 21:54
|
|
|
hacking into the worldwide jacuzzi networkquote:The login works by sending the username and password to Auth0. On success, access and ID tokens are returned. The access token is then sent to Auth0’s /userinfo endpoint and this information is returned: lol infernal machines fucked around with this message at 00:33 on Jun 22, 2022 |
|
#
?
Jun 21, 2022 23:07
|
|
|
jesus christ
|
|
#
?
Jun 22, 2022 00:21
|
|
|
Not a single use of "hackuzzi". Disgraceful.
|
|
#
?
Jun 22, 2022 00:42
|
|
|
user@hot-tub-crime-machine$ hack-all-jacuzzis
|
|
#
?
Jun 22, 2022 00:46
|
|
|
isCool()
|
|
|
#
?
Jun 22, 2022 01:02
|
|
|
returned "false"
|
|
#
?
Jun 22, 2022 01:08
|
|
|
that's hott
|
|
#
?
Jun 22, 2022 02:22
|
|
|
Shame Boy posted:our new CISO is currently sending out emails demanding everyone download and install this software Shaggar posted:most emails should be ignored SlowBloke posted:One of our users cryptolocked us three times in the same fiscal quarter and nothing was done about it Ulf fucked around with this message at 02:37 on Jun 22, 2022 |
|
#
?
Jun 22, 2022 02:34
|
|
|
hackers can turn your Jacuzzi into a deep fryer!!!
|
|
#
?
Jun 22, 2022 02:59
|
|
|
~Coxy posted:hackers can turn your Jacuzzi into a deep fryer!!!
|
|
#
?
Jun 22, 2022 03:07
|
|
|
Ulf posted:you should report this suspicious email via your mail client's "phish" button i did and instead of answering me directly he replied all to the original email to assure us it was not a phishing attempt, which is definitely not something a phishing attempt would do, so i'm satisfied
|
|
#
?
Jun 22, 2022 03:22
|
|
|
[NOT A SCAM] Please read: Important Instructions Attached
|
|
#
?
Jun 22, 2022 03:51
|
|
|
Shame Boy posted:i did and instead of answering me directly he replied all to the original email to assure us it was not a phishing attempt, which is definitely not something a phishing attempt would do, so i'm satisfied definitely sounds like something someone with unauthorized access to their account would do, so you better report it again just in case
|
|
#
?
Jun 22, 2022 05:06
|
|
|
lol the NTSB's SSL cert expired so I can't get to ntsb.gov and read my boring dry accident reports it's a letsencrypt cert too so there's really no excuse
|
|
#
?
Jun 22, 2022 10:12
|
|
|
certbotch
|
|
#
?
Jun 22, 2022 13:02
|
|
|
last company required us to print out our phishing training certificates and hang them up. Naturally the site that the training redirected you to was some unaffiliated third party which asked you for your full proper name for the cert anyway my coworker had his up for years pre:--------------------------------- | This certifies that | | BY TYPING NY NAME HERE I MAY BECOME A VICTIM OF PHISHING | has completed all | | required training. | ---------------------------------
|
|
#
?
Jun 22, 2022 19:16
|
|
|
Volmarias posted:Luv2get emails for mandatory security training in an email I would 100% mash the "phishing" button on because they ended up being the lowest bidder or whatever other absurd rationale made them the choice. we got a nag mail about filling out some external workplace health survey which offered prizes and it looked exactly like phishing: * Asks you to go to an external link * Sense of urgency * Offers rewards I ignored it but a colleague reported it and got a response of "this looks like mass business spam mail, thanks for reporting it". it was sent by IT management lmao
|
|
#
?
Jun 22, 2022 20:50
|
|
|
Shame Boy posted:lol the NTSB's SSL cert expired so I can't get to ntsb.gov and read my boring dry accident reports type `thisisunsafe` into chrome when this happens and it'll ignore cert errors and proceed
|
|
#
?
Jun 23, 2022 01:40
|
|
|
Jonny 290 posted:type `thisisunsafe` into chrome when this happens and it'll ignore cert errors and proceed does that bypass HSTS too cuz they had that enabled
|
|
#
?
Jun 23, 2022 01:57
|
|
|
Jonny 290 posted:type `thisisunsafe` into chrome when this happens and it'll ignore cert errors and proceed sometimes I wish all these warnings could be configured for ridiculous degenerate cases for instance, I setup a linux pc for loading some customers’ router firmware at the end of an assembly process. this involved plugging directly in to the PC and sending a series of commands to the default IP address. by default ssh will throw a fit if you connect to the same IP address and it’s a different fingerprint, refusing to connect. as I bypassed all the security for passwords, certificates and fingerprints I thought “I just need an opposite mode” - if the username/password wasn’t admin/admin, the certificate was signed or the fingerprint matched somebody hosed up and is programming the same gateway again!
|
|
#
?
Jun 23, 2022 02:43
|
|
|
Shame Boy posted:does that bypass HSTS too cuz they had that enabled yep it used to be "badidea" and then too many people started using it and they had to change it to "thisisunsafe" lol
|
|
#
?
Jun 23, 2022 02:49
|
|
|
I wish SSL cert warnings didn't exist by spec if you are connecting to RFC1918 space and whoever said privacy is pointless without authentication can eat my whole rear end.
|
|
#
?
Jun 23, 2022 05:49
|
|
|
what a terrible idea
|
|
#
?
Jun 23, 2022 05:55
|
|
|
|
| # ? Apr 26, 2024 21:14 |
|
|
spankmeister posted:what a terrible idea
|
|
#
?
Jun 23, 2022 05:57
|
|
