Post Aj0QIO6PuJbc1bpgNk by jamesh@aus.social
(DIR) Post #Aj0G5PN8sNIAempONc by geordie@aus.social
2024-06-17T01:27:34Z
0 likes, 0 repeats
Mandatory phishing training. Sigh. Your periodic reminder that, generally speaking, academic research into phishing training shows that it makes little or no difference, and any difference it makes wears off after about 12 weeks. Some people are just credulous and there's not a great deal you can do about it. Conflicting research showing effective outcomes is pretty much all sponsored by security companies, including those that offer phishing training.
(DIR) Post #Aj0GMwmvtCnZDYFpzc by decryption@aus.social
2024-06-17T01:30:43Z
0 likes, 0 repeats
@geordie but i love ticking boxes and my income depends on it
(DIR) Post #Aj0Hg6rAmO7HtswHDc by bradhd@hachyderm.io
2024-06-17T01:45:22Z
0 likes, 0 repeats
@geordie My old work hired an external company to administer phishing training by sending fake phishing emails at random. Checking if an email was theirs was as straightforward as viewing the email's HTML source and searching for "phish". Worked every time, defeating the purpose of the entire exercise.
(DIR) Post #Aj0Hlkj7yDe30HrnGq by mattdarveniza@mastodon.social
2024-06-17T01:46:24Z
0 likes, 0 repeats
@geordie what's even better is we get sus looking emails from rando domains that actually turn out to be legit all the time, so that training is directly contradicted by the way the company operates in general.
(DIR) Post #Aj0Ijpl2OXVDyuPPuK by SuperMoosie@mastodon.au
2024-06-17T01:57:15Z
0 likes, 0 repeats
@geordie At our work. HR: You need to do mandatory phishing training, so you can recognise threats. Also HR two weeks later: This email from an outside company address needs you to click on a link to an outside URL and enter your work credentials. Also ticking other phishing boxes. Without any information being placed on official channels that this might be about to happen and is legit.
(DIR) Post #Aj0MHBnPmGHnkc7LlY by thegarbagebird@theblower.au
2024-06-17T02:36:53Z
0 likes, 0 repeats
@geordie that aligns with my observations, how rewarding
(DIR) Post #Aj0MtH7ERo0FFmY0wa by jamesh@aus.social
2024-06-17T02:43:48Z
0 likes, 0 repeats
@geordie But if a phishing attack does succeed against the company, they can point at evidence that they made attempts to mitigate the threat. Whether those mitigations actually helped is secondary.
(DIR) Post #Aj0Pl9Wj4v2ZGNI5ke by geordie@aus.social
2024-06-17T03:15:57Z
0 likes, 0 repeats
@jamesh yeah this. "Oh, we have training for addressing this, I guess we have to review it."
(DIR) Post #Aj0QIO6PuJbc1bpgNk by jamesh@aus.social
2024-06-17T03:21:57Z
0 likes, 0 repeats
@geordie It turns out the threat of shareholder lawsuits really just created defenses against shareholder lawsuits, rather than the things those lawsuits were about.
(DIR) Post #Aj0VTPyplY9GnxMfvk by geordie@aus.social
2024-06-17T04:19:58Z
0 likes, 0 repeats
@bob_zim a place I used to work required you to forward suspected phishing emails, rather than... you know, deleting it which is what yoU FUCKING DO WITH PHISHING EMAILS
(DIR) Post #Aj0acY8XJEP8Tk4o2S by rmhogervorst@fosstodon.org
2024-06-17T05:17:36Z
0 likes, 0 repeats
@geordie My stance has always been: If an entire company can get powned by a phishing email you have no right being on the internet.
(DIR) Post #Aj0k6ICO1tUjK68QBE by geordie@aus.social
2024-06-17T07:03:52Z
0 likes, 0 repeats
@itgrrl I’ll dig them up from last time I had this argument.
(DIR) Post #Aj14ncNSsb55RRFkye by Techn1x@fosstodon.org
2024-06-17T10:55:45Z
0 likes, 0 repeats
@geordie everyone in my company knows it's dumb, but we do it anyway, I believe it's for insurance reasons
(DIR) Post #Aj151RC5FyBwoJWGie by geordie@aus.social
2024-06-17T10:58:18Z
0 likes, 0 repeats
@Techn1x you know the thought experiment where the monkeys beat up anyone who tries to get the banana?
(DIR) Post #Aj15UrGPPPRM3vZThA by geordie@aus.social
2024-06-17T11:03:36Z
0 likes, 0 repeats
@itgrrl http://arxiv.org/pdf/2112.07498
(DIR) Post #Aj169tRMDlnYgaG8xM by Techn1x@fosstodon.org
2024-06-17T11:11:00Z
0 likes, 0 repeats
@geordie now I do 😂