Syn-ACK :facepalm: on Nostr: nprofile1q…rnaem This reminds me of a previous company that I worked at where the ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqke68qh59qkyeel06lqg32kr29yud4tk6dm4lxp7624lefqr74xdqprnaem (nprofile…naem) This reminds me of a previous company that I worked at where the founder insisted that the dev machine he used - with complete access into our AWS VPS and all the access creds that an attacker would ever need - be open to the internet because he couldn't be bothered to use the VPN that everyone else had to use or set it up on his phone.
Then we got hacked through that very same system. Turns out that his main sycophantic minion had his laptop stolen 2 years prior that contained the SSH key to that machine and they never bothered to change the key. After it got hacked and we cleaned up the mess and rotated all the SSH keys everywhere, we shut down that machine.
2 days later it was back online - he had rebuilt it - using a different SSH key, but one that was old and was also on the stolen laptop.
2 weeks after I left that company, they got hacked again, surprise surprise.
Negligence, laziness, and lack of forward-thinking is absolutely a bigger threat than the cybercriminal element, IMO.
Then we got hacked through that very same system. Turns out that his main sycophantic minion had his laptop stolen 2 years prior that contained the SSH key to that machine and they never bothered to change the key. After it got hacked and we cleaned up the mess and rotated all the SSH keys everywhere, we shut down that machine.
2 days later it was back online - he had rebuilt it - using a different SSH key, but one that was old and was also on the stolen laptop.
2 weeks after I left that company, they got hacked again, surprise surprise.
Negligence, laziness, and lack of forward-thinking is absolutely a bigger threat than the cybercriminal element, IMO.