I got some startling "news" for non-techie people. This has ALWAYS been the case.
I got my first real IT job back when only the fanciest homes had a 28.8 dial-up modem. The people that work on the other side of the server have never needed your password to mess with your stuff.
One of my most common tasks in the early days of the internet was logging into people's email accounts to delete attachments that were too big. They'd call me up complaining that their email client kept timing out, and it was usually because someone had tried to send them a massive image file or something.
I wasn't supposed to tell them HOW I was fixing their problem, because the company didn't want to draw attention to the fact that some college student that had just walked in off the street and applied for an entry level position could open up and read every email they have, download any attachments they'd sent, and send replies or mass messages in their name.
As electronic communication has gotten bigger, more integrated, and more heavily relied on by society, the percentage of users who actually understand how it works has only gotten smaller. It's so much easier now than before to circumvent security measures. Twitter wasn't "hacked". Someone just got hold of a legit admin password.
Any IT company can only be as trustworthy as its lowest level employee. NEVER assume online communications are secure.
You speak the truth.
I think blockchain tech can be leveraged in the future so that once you write something from your authorized device it can't be edited by anyone else. Will also decentralize control of the data.
The re-decentralization of the Internet cannot come fast enough.
I agree a blockchain-based tech for your own personal social media feed would be great. It should also make it impossible to delete past tweets. You can edit, revise, flag etc but the revision still exists. So for example if you make 28,000 posts about pedophilia you can't just one day go and delete them all because people start calling you a pedophile.
Thank you!
One caveat to what you're talking about. I did IT in the US Army, and we had the same privileges you're talking about.
The military used, and probably still does, PKI digital certificates to verify user identity when sending each email. Without that certificate, you weren't supposed to trust the source.
Your ID Card held the certificates, and if the ID Card wasn't slotted into the PC at the time of writing an e-mail, it wouldn't be digitally signed.
All true, and still how it's done, but that doesn't mean the typical user actually understands how that works and looks for the digital signature. We've all had the click-through "training" and signed the page-13s so we can be taken to mast over it, but that's all just legal CYA.
In reality, we typically put more effort into figuring out how to get AROUND the security ourselves because it makes the actual job more inconvenient. I've personally had to "counsel" people for giving out their CAC PIN just so they don't have to take the time to log off and let someone else log in to do something. It happens all the time.
It's also vitally important to remember that the Ft. Hood shooter had a clearance. It only takes ONE person without integrity to undermine the system. Or as my father used to say, "Locks are for honest people".
Also folks, this is the real reason why you never give your password to some cold-caller. Anybody who needs to be able to get into your account for maintenance already can.
Exactly. If you get a cold call that seems like it may be legit, always tell them you don't have time to talk, look up the legit customer service number, and call them back.
Better to suffer the inconvenience of having to get back to them than to take the risk of discussing your accounts with a cold caller. If it turns out that they WEREN'T trying to contact you, you can alert them to the scam.
Funny semi-related story... I had set up an SMTP server on my Red Hat box with a SquirrelMail front end (I had some sort of client that would update my domain with my current IP). Anyhow.. this was for me and my then wife. Well, one day she complained that her mail was "stuck". Well, after paging logs, looking at mail queues etc I found the problem, but in the midst of all that I found out she had been having an affair because one of her emails was causing the SMTP daemon to croak.
At work I often was amused as LP would check my lunch box to see if I stole something whilst earlier that day I was paging through 100,000s of credit card transactions from 100+ stores supporting some credit auth issues we might have been having.