Comment Re:Say what? (Score 1) 58
Can I suggest your attitude here is why we are still struggling to solve the same IT security problems that have been subject of most discussion for more than a decade now?
What discussion are you talking about exactly?
if IT staff don't have the ability to install software on a given computer, they're not going to use that computer for anything of consequence, certainly not for something that's as big of a time-sink as email can be. The problem is that a normal computer set up for a normal user, isn't really usable for us.
Why if its so bad you can't or won't use it, it can't really be 'good' for anyone else can it. Maybe you should be trying to fix that?
Why don't you go and fix that, instead of asking people who want to do their jobs efficiently to do the exact opposite – mucking about with pointless drivel for the sake of making some holier-than-thou infosec wannabe like you happy?
But you are different right - you don't ever run binaries from lower trust sources than what is in you general supply chain right? If you use FOSS tools or scripts you carefully audit all of them for RATs, backdoors, etc, don't you? I mean you saved so much time not using that 'normie setup'!
Personally I don't anything in Outlook anyone else in the company probably should not need or want to do. I don't run rando tool on my host system either - I don't want machine where I do basic office work fouled up and krufted up. I have VM for these things that does not get my account on corporate systems, if I need to authenticate something on the VM. I usually shut the VM down and roll my passwords.
I'll close this off with something people like you really need to read: https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fkellyshortridge.com%2Fbl...
If you can see yourself in that text, maybe stop being a jerk and let people do their job for once.
