I am taking a required online training on "internet security" at my new university.
-
i worked at a company that did 3rd party phishing mandatory training, with "click on this link" to start the video.
HR forgot to tell anyone that the email would be coming from a 3rd party or what domain name it should be for the link.
our VP of engineering was pretty proud that over 70% of the engineering part of the company reporting the email as a suspicious phishing attempt. sadly, we still had to watch the video, which was pretty useless...
@paul_ipv6 @pseudonym @actualham I've heard the head of IT tell off multiple people for not doing the mandatory training...and they all tell him they thought the emails were malicious. Nothing has changed.
-
@actualham As someone who develops and supports e-learning, I can tell you that ALL the software available to produce and then host it is terrible. In ours, depending on which software was used to create the SCORM you either must use Edge for some and Chrome for others. It’s a total nightmare.
@ZS @actualham some of us have a VM with Windows and Edge and Chrome specifically for times like that. The VM gets reset after every event. No reason.
Also, please provide the link to the training in the form of a QR code in a PDF that takes users to a URL obfuscator before redirecting to the actual training.
-
Same as it ever was. Same as it ever was.
As part of #infosec, I weep when I see stuff like this and the training class.
The unauthenticated emails from 3rd party platforms that HR uses to inform employees of legit business stuff, the surveys, all of it.
And they wonder why BEC (business email compromise) keeps happening when the bad guys send a legit looking "We changed our bank account, please update this routing number" email to Accounts Payable.
@pseudonym @paul_ipv6 @actualham for a while I had a mortgage with a bank that primarily communicated via a generic bulk email provider that obfuscated links in emails.
So I'd get "Important notice about your loan" from nsw6252.salesmail-au.com and every URL was to ...cliktrak.org
They could not understand how this was problematic. "just click the link"
-
@anarchademic @rgulick probably legal and the back end of IT
-
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
In a virtual machine, of course.
-
@rgulick note that my excellent uni has world-renowned experts on cybersecurity, and highly skilled instructional designers. But all of this was farmed out to a third party, which is why it could hardly run inside our canvas without everything breaking. Another example of how we hire consultants to sell us what we could do better ourselves but think we can’t “afford” to support internally.
@actualham @rgulick
> all of this was farmed out to a third party
Internal team would not pay the comission to the pockets due, simple as that. -
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
@actualham malicious actors are the reason we can’t have nice things:
It seems that there’s no way to share anything with a URL these days.
You can’t even trust QR’s, and that is the only way to read a restaurant’s menu in Santiago since the pandemic.
-
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
-
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
@actualham At least where I work I can legitimately respond "Can't do. Those settings are managed by security policy and the ability for users to change them is disabled.".
-
@adamrice oh flash remember those fun days
@actualham @adamrice "oh flash" sounds like an adult not swearing around the kids.
-
i invite people to look at this account and the creation date and the message history
and then remark on the hilarious irony of such a message existing in this thread
EDIT:
this comment is not a reply to actualham, it is a reply to an intervening comment i did not mention so they would not see my reply in their notifications. it seemed like a scam, and it is now gone
-
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
@actualham Same vibe at my Uni where they hosted a „digital privacy day“, meanwhile the whole infrastructure got moved to microsofts cloud apps
-
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
@actualham I assume you probably got a link to that training by email. And it went to some site like mycompanytraining dot com, when your company’s domain is mycompany dot com. So you just clicked the link in the email to launch the web training that has you turning off the ad blockers and pop up blockers…
Perfect
-
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
@actualham Time to run this in a VM.
-
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
@actualham either this is a scam or this training is not worth its fee.
-
I am taking a required online training on "internet security" at my new university. In order to get the course to run properly, I was advised to enable all cookies and pop-ups and relax several other security settings in my browser. Good times.
@actualham from the "People not clear on the concept" department.
A similar experience I had was trying to convince Corporate IT that they needed to get all company web sites to have valid certificates signed by a trusted authority. We were essentially teaching people every day to ignore the warnings the browser would pop up. Especially since valid sites they wanted us to go to had names like
my-company.hr-for-you.com, so it would be easy to fake a web site to send people to. -
The latest argument in favor of "those who can, do; those who can't, teach."
I'm an ex teacher, BTW/
Those that can't teach teach teachers
-
@rgulick note that my excellent uni has world-renowned experts on cybersecurity, and highly skilled instructional designers. But all of this was farmed out to a third party, which is why it could hardly run inside our canvas without everything breaking. Another example of how we hire consultants to sell us what we could do better ourselves but think we can’t “afford” to support internally.
@actualham @rgulick management getting in the way of education. It's the late-capitalism way. I've learnt that any mandatory education with the word Cyber in the title has little to do with security.
-
@actualham @adamrice "oh flash" sounds like an adult not swearing around the kids.
@moz @actualham @adamrice FLASH YOU, MOTHAFLASHA!!
-
@moz @actualham @adamrice FLASH YOU, MOTHAFLASHA!!
@crisps @moz @actualham @adamrice what the flash?? every time I type flash it changes it to flash
