arisuchan    [ tech / cult / art ]   [ λ / Δ ]   [ psy ]   [ ru ]   [ random ]   [ meta ]   [ all ]    info / stickers     temporarily disabledtemporarily disabled

/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.
Name
Email
Subject
Comment

formatting options

File
Password (For file deletion.)

Help me fix this shit. https://legacy.arisuchan.jp/q/res/2703.html#2703

Kalyx ######


File: 1515119920553.jpg (9.07 KB, 300x168, seeyouspacememe.jpg)

 No.2336

Hey /cyb/, has anyone else received loaned company laptops before and found spyware or other surveillance processes installed by your own company? I recently got mine and I'm wondering what the possibilities are.

 No.2338

Are you for real?
Don't remove that unless you like getting fired.
I assume you mean that your company gives you a laptop to do work on that's configured so people don't have to have the pain in the ass of setting up VPN's and firewall etc. It's their property so they can do whatever they want on the hardware. That also for sure includes monitoring software.
soykaf I wouldn't be surprised if they had a way to remote wipe the hard drive just in case.

 No.2348

Thanks fellow lainanon, I was just curious if this was a common thing , although t know better than to remove such software.

 No.2352

>>2336
Yeah and I always remove them. Fuck them if I want to steal their information and sell it to the competition I'll continue to do so. It makes me a killing with my income.

 No.2353

>>2336
>>2338
>Don't remove that unless you like getting fired.
this, OP
Otherwise, cover the camera and mic if you bring it home. Don't use it for anything but work.

 No.2356

File: 1515287405522.jpg (20.93 KB, 600x450, it_snek.jpg)

There's stuff like data loss prevention or agents that might force your traffic through a network gateway or agents that log process spawning.

Usually these are meant to prevent you from exfiltrating specific kinds of data. Like lists of SSNs or stuff.

 No.2360

>>2353
How do I cover the mic?

 No.2361

>>2360
Use black tape

 No.2368

>>2352
>Fuck them if I want to steal their information and sell it to the competition I'll continue to do so. It makes me a killing with my income.
If this isn't a larp, you're a jackass lol
I mean, glhf getting a job when you get caught
There are people better at attribution than you are at hiding. Don't be stupid for too long. No one likes a turncoat.

 No.2371

So now with all that soykaf out of the way lets get real.
I worked for university IT for a little bit. Part of getting your university email on your phone was accepting a bunch of bullsoykaf permissions. Stuff like we can read your emails block certain attachments etc.
However the very last one was we can unlock and wipe your phone and you have to give permission to do this to get your email. Now my boss said that that's only in case someone like the chancellor loses their phone or some soykaf like that. When I brought up the fact that this is a major security flaw and just waiting to be exploited I got a "not our department don't worry about it"

Fast forward to one month ago. The head of university security is giving a talk about phishing at a local sec meet-up. They admit they had a 27% click rate and login on this phishing email they sent out. However they refused to show the numbers on how many people in IT actually clicked it.

This is why I don't have my email on my phone and why I won't put any company's bullsoykaf on my personal hardware anymore.

Moral is: read through all the agreements and you'll see exactly what they are putting on there and what permissions they want.

 No.2405

>>2371
Sounds like pretty standard MDM / BYOD mobile solution.

Out of curiosity, what specifically is the huge security flaw? Or are you thinking of just the general risks of giving software you don't trust administrative rights over your machine?

 No.2406

>>2405
Well making it so that its over everyones machine and not just the dean chancellors or heads of the schools.

If someone gets in and can get the proper permissions to wipe everything it's gonna be a soykaf show.

 No.2407

>>2406
Oh yeah I follow.

Yeah that's a totally unneeded risk. Especially since a lot of these solutions are hosted in the cloud these days and on shared instances.

 No.2408

>>2336
They probably do, legal reasons too.
One of my directors mentioned they do, but dont really check unless they have a reason to.
Some companies watch if you are looking at some specific sites, I was looking for jobs outside my company and I would get a flood of job posting for my current company to my personal email.

 No.2409

>>2352
Literally never happened, Black hat edge lord

 No.2428

>>2409
I just don't understand the need for larping on an anonymous canadian maple syrup cataloging imageboard
If you want to impress normans with your leet skillz, just get your CISSP and walk around RSA

 No.2430

It's better to just assume corporate laptops are pre-owned.

Do any personal browsing on a personal smartphone.

Non-soykafty companies will have a guest network for personal devices, just route your traffic through a VPN.

Shell out for the unlimited data plan if you have a soykafty one :)

 No.2437

In my school, We all get one pre-installed with programs that are relevant to what we study. I came to notice quickly how dreadfully weak and slow the computer were despite it's components. Looking at task manager there was an insane amount of processes irrelevant to the programs. (No joke, even the Chromium trojan.)
I reported this, and actually got the reply "Yeah the heads that give out the computers pre-install programs so our students don't use the computers for bad."
Whilst I understand it's good to have in order for illegal activites to not be frequent, It still feels rather creepy. This webcam certainly has started to look like an eye. I make sure to always leave the laptop out of my apartment.

 No.2474

Format and reflash with your own OS, why take the chance?

 No.2905

File: 1528635062820.jpg (42.97 KB, 750x725, fff672b51acf5f1da180a9bb72….jpg)

>>2428
>If you want to impress normans with your leet skillz, just get your CISSP and walk around RSA



[Return] [Go to top] [ Catalog ] [Post a Reply]
Delete Post [ ]