One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

  • residentmarchant@lemmy.worldEnglish
    924·
    11 months ago

    A truly dedicated enough attacker can and will look in your window! Or do fancier things like enable cameras on devices you put near your monitor

    Not saying it’s likely, but writing passwords down is super unsafe

    • Krudler@lemmy.worldOPEnglish
      573·
      11 months ago

      What you are describing is the equivalent of somebody breaking into your house so they can steal your house key.

      • curve_empty_buzz@discuss.tchncs.de
        205·
        11 months ago

        No, they’re breaking into your house to steal your work key. The LastPass breach was accomplished by hitting an employee’s personal, out of date, Plex server and then using it to compromise their work from home computer. Targeting a highly privileged employees personal technology is absolutely something threat actors do.

        • Krudler@lemmy.worldOPEnglish
          14·
          11 months ago

          The point is if they’re going to get access to your PC it’s not going to be to turn on a webcam to see a sticky note on your monitor bezel. They’re gonna do other nefarious shit or keylog, etc.

          • residentmarchant@lemmy.worldEnglish
            63·
            11 months ago

            Why keylog and pick up 10k random characters to sift through when the password they want is written down for them?