Symfony Profiler

Security

Token

There is no security token.

Firewall

main Name

Security enabled

Stateless

Configuration

Key	Value
provider	security.user.provider.concrete.app_user_provider
context	main
entry_point	App\Security\KbinAuthenticator
user_checker	App\Security\UserChecker
access_denied_handler	(none)
access_denied_url	(none)
authenticators	[`"two_factor" "remember_me" "App\Security\KbinAuthenticator" "App\Security\FacebookAuthenticator" "App\Security\GoogleAuthenticator" "App\Security\GithubAuthenticator" "App\Security\KeycloakAuthenticator"`]

Listeners

Listener	Duration	Response
Symfony\Component\Security\Http\Firewall\ChannelListener {#723`-map: Symfony\Component\Security\Http\AccessMap {#722 …} -logger: Monolog\Logger {#783 …} -httpPort: 80 -httpsPort: 443`}	0.00 ms	(none)
Symfony\Component\Security\Http\Firewall\ContextListener {#706-tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage {#1017 …} -sessionKey: "_security_main" -logger: Monolog\Logger {#783 …} -userProviders: Symfony\Component\DependencyInjection\Argument\RewindableGenerator {#705 …} -dispatcher: Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher {#747 …} -registered: false -trustResolver: Scheb\TwoFactorBundle\Security\Authentication\AuthenticationTrustResolver {#780 …} -sessionTrackerEnabler: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage::enableUsageTracking(): void {#703 …}}	0.20 ms	(none)
Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener {#584`-authenticatorManager: Symfony\Component\Security\Http\Authentication\AuthenticatorManager {#595 …}`}	0.00 ms	(none)
Scheb\TwoFactorBundle\Security\Http\Firewall\TwoFactorAccessListener {#582`-twoFactorFirewallConfig: Scheb\TwoFactorBundle\Security\TwoFactor\TwoFactorFirewallConfig {#842 …} -tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …} -twoFactorAccessDecider: Scheb\TwoFactorBundle\Security\Authorization\TwoFactorAccessDecider {#581 …}`}	0.04 ms	(none)
Symfony\Component\Security\Http\Firewall\AccessListener {#579`-tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …} -accessDecisionManager: Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager {#937 …} -map: Symfony\Component\Security\Http\AccessMap {#722 …}`}	0.00 ms	(none)
Symfony\Component\Security\Http\Firewall\LogoutListener {#786`-tokenStorage: Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage {#1018 …} -options: [ "csrf_parameter" => "_csrf_token" "csrf_token_id" => "logout" "logout_path" => "app_logout" ] -httpUtils: Symfony\Component\Security\Http\HttpUtils {#841 …} -csrfTokenManager: Symfony\Component\Security\Csrf\CsrfTokenManager {#1015 …} -eventDispatcher: Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher {#747 …}`}	0.00 ms	(none)

Authenticators

No authenticators have been recorded. Check previous profiles on your authentication endpoint.

Access Decision

affirmative Strategy


"Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter"
"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
"Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter"
"App\Security\Voter\EntryCommentVoter"
"App\Security\Voter\EntryVoter"
"App\Security\Voter\MagazineVoter"
"App\Security\Voter\MessageThreadVoter"
"App\Security\Voter\MessageVoter"
"App\Security\Voter\NotificationVoter"
"App\Security\Voter\OAuth2UserConsentVoter"
"App\Security\Voter\PostCommentVoter"
"App\Security\Voter\PostVoter"
"App\Security\Voter\UserVoter"

#	Voter class
1	"Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter"
2	"Scheb\TwoFactorBundle\Security\Authorization\Voter\TwoFactorInProgressVoter"
3	"Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter"
4	"Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter"
5	"App\Security\Voter\EntryCommentVoter"
6	"App\Security\Voter\EntryVoter"
7	"App\Security\Voter\MagazineVoter"
8	"App\Security\Voter\MessageThreadVoter"
9	"App\Security\Voter\MessageVoter"
10	"App\Security\Voter\NotificationVoter"
11	"App\Security\Voter\OAuth2UserConsentVoter"
12	"App\Security\Voter\PostCommentVoter"
13	"App\Security\Voter\PostVoter"
14	"App\Security\Voter\UserVoter"

Access decision log


null
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#2061
  +user: Proxies\__CG__\App\Entity\User {#2189 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
  +image: Proxies\__CG__\App\Entity\Image {#2211 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
  +slug: "Not-Sparks"
  +title: "Not Sparks."
  +url: "https://lemmy.world/pictrs/image/ec3ea08a-a728-44cc-9cd6-bc91cdfa1d1b.jpeg"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 149
  +favouriteCount: 381
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1727735026 {#2064
    date: 2024-10-01 00:23:46.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2233 …}
  +votes: Doctrine\ORM\PersistentCollection {#2240 …}
  +reports: Doctrine\ORM\PersistentCollection {#2235 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2155 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2142 …}
  +badges: Doctrine\ORM\PersistentCollection {#2185 …}
  +children: [
    App\Entity\EntryComment {#2075
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#2061 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2084 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2078 …}
      +body: """
        The line when Qui Gon describes midi-chlorians to baby Darth Vader is the dumbest shit ever:\n
        \n
        > Without midi-chlorians there would be no life *and we would have no knowledge of the midi-chlorians.*\n
        \n
        Like no fucking shit we would have no knowledge of something if there was NO LIFE numbnuts.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1705723697 {#2037
        date: 2024-01-20 05:08:17.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@ekZepp@lemmy.world"
        "@steakmeout@lemmy.world"
        "@Veneroso@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2076 …}
      +nested: Doctrine\ORM\PersistentCollection {#2083 …}
      +votes: Doctrine\ORM\PersistentCollection {#2085 …}
      +reports: Doctrine\ORM\PersistentCollection {#2062 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2077 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2063 …}
      -id: 324838
      -bodyTs: "'babi':11 'chlorian':9,22,38 'darth':12 'describ':6 'dumbest':16 'ever':18 'fuck':41 'gon':5 'knowledg':33,47 'life':27,54 'like':39 'line':2 'midi':8,21,37 'midi-chlorian':7,20,36 'numbnut':55 'qui':4 'shit':17,42 'someth':49 'vader':13 'without':19 'would':24,30,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6840357"
      +editedAt: null
      +createdAt: DateTimeImmutable @1705723697 {#2144
        date: 2024-01-20 05:08:17.0 +01:00
      }
      +"title": 324838
    }
  ]
  -id: 31489
  -titleTs: "'spark':2"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705672395
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10867466"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705585995 {#2221
    date: 2024-01-18 14:53:15.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#2061
  +user: Proxies\__CG__\App\Entity\User {#2189 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
  +image: Proxies\__CG__\App\Entity\Image {#2211 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
  +slug: "Not-Sparks"
  +title: "Not Sparks."
  +url: "https://lemmy.world/pictrs/image/ec3ea08a-a728-44cc-9cd6-bc91cdfa1d1b.jpeg"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 149
  +favouriteCount: 381
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1727735026 {#2064
    date: 2024-10-01 00:23:46.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2233 …}
  +votes: Doctrine\ORM\PersistentCollection {#2240 …}
  +reports: Doctrine\ORM\PersistentCollection {#2235 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2155 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2142 …}
  +badges: Doctrine\ORM\PersistentCollection {#2185 …}
  +children: [
    App\Entity\EntryComment {#2075
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#2061 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2084 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2078 …}
      +body: """
        The line when Qui Gon describes midi-chlorians to baby Darth Vader is the dumbest shit ever:\n
        \n
        > Without midi-chlorians there would be no life *and we would have no knowledge of the midi-chlorians.*\n
        \n
        Like no fucking shit we would have no knowledge of something if there was NO LIFE numbnuts.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1705723697 {#2037
        date: 2024-01-20 05:08:17.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@ekZepp@lemmy.world"
        "@steakmeout@lemmy.world"
        "@Veneroso@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2076 …}
      +nested: Doctrine\ORM\PersistentCollection {#2083 …}
      +votes: Doctrine\ORM\PersistentCollection {#2085 …}
      +reports: Doctrine\ORM\PersistentCollection {#2062 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2077 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2063 …}
      -id: 324838
      -bodyTs: "'babi':11 'chlorian':9,22,38 'darth':12 'describ':6 'dumbest':16 'ever':18 'fuck':41 'gon':5 'knowledg':33,47 'life':27,54 'like':39 'line':2 'midi':8,21,37 'midi-chlorian':7,20,36 'numbnut':55 'qui':4 'shit':17,42 'someth':49 'vader':13 'without':19 'would':24,30,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6840357"
      +editedAt: null
      +createdAt: DateTimeImmutable @1705723697 {#2144
        date: 2024-01-20 05:08:17.0 +01:00
      }
      +"title": 324838
    }
  ]
  -id: 31489
  -titleTs: "'spark':2"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705672395
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10867466"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705585995 {#2221
    date: 2024-01-18 14:53:15.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#2061
  +user: Proxies\__CG__\App\Entity\User {#2189 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
  +image: Proxies\__CG__\App\Entity\Image {#2211 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
  +slug: "Not-Sparks"
  +title: "Not Sparks."
  +url: "https://lemmy.world/pictrs/image/ec3ea08a-a728-44cc-9cd6-bc91cdfa1d1b.jpeg"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 149
  +favouriteCount: 381
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1727735026 {#2064
    date: 2024-10-01 00:23:46.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2233 …}
  +votes: Doctrine\ORM\PersistentCollection {#2240 …}
  +reports: Doctrine\ORM\PersistentCollection {#2235 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2155 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2142 …}
  +badges: Doctrine\ORM\PersistentCollection {#2185 …}
  +children: [
    App\Entity\EntryComment {#2075
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#2061 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2084 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2078 …}
      +body: """
        The line when Qui Gon describes midi-chlorians to baby Darth Vader is the dumbest shit ever:\n
        \n
        > Without midi-chlorians there would be no life *and we would have no knowledge of the midi-chlorians.*\n
        \n
        Like no fucking shit we would have no knowledge of something if there was NO LIFE numbnuts.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 7
      +score: 0
      +lastActive: DateTime @1705723697 {#2037
        date: 2024-01-20 05:08:17.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@ekZepp@lemmy.world"
        "@steakmeout@lemmy.world"
        "@Veneroso@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2076 …}
      +nested: Doctrine\ORM\PersistentCollection {#2083 …}
      +votes: Doctrine\ORM\PersistentCollection {#2085 …}
      +reports: Doctrine\ORM\PersistentCollection {#2062 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2077 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2063 …}
      -id: 324838
      -bodyTs: "'babi':11 'chlorian':9,22,38 'darth':12 'describ':6 'dumbest':16 'ever':18 'fuck':41 'gon':5 'knowledg':33,47 'life':27,54 'like':39 'line':2 'midi':8,21,37 'midi-chlorian':7,20,36 'numbnut':55 'qui':4 'shit':17,42 'someth':49 'vader':13 'without':19 'would':24,30,44"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6840357"
      +editedAt: null
      +createdAt: DateTimeImmutable @1705723697 {#2144
        date: 2024-01-20 05:08:17.0 +01:00
      }
      +"title": 324838
    }
  ]
  -id: 31489
  -titleTs: "'spark':2"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705672395
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10867466"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705585995 {#2221
    date: 2024-01-18 14:53:15.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2075
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#2061
    +user: Proxies\__CG__\App\Entity\User {#2189 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
    +image: Proxies\__CG__\App\Entity\Image {#2211 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
    +slug: "Not-Sparks"
    +title: "Not Sparks."
    +url: "https://lemmy.world/pictrs/image/ec3ea08a-a728-44cc-9cd6-bc91cdfa1d1b.jpeg"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 149
    +favouriteCount: 381
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1727735026 {#2064
      date: 2024-10-01 00:23:46.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2233 …}
    +votes: Doctrine\ORM\PersistentCollection {#2240 …}
    +reports: Doctrine\ORM\PersistentCollection {#2235 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2155 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2142 …}
    +badges: Doctrine\ORM\PersistentCollection {#2185 …}
    +children: [
      App\Entity\EntryComment {#2075}
    ]
    -id: 31489
    -titleTs: "'spark':2"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705672395
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10867466"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705585995 {#2221
      date: 2024-01-18 14:53:15.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2084 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2078 …}
  +body: """
    The line when Qui Gon describes midi-chlorians to baby Darth Vader is the dumbest shit ever:\n
    \n
    > Without midi-chlorians there would be no life *and we would have no knowledge of the midi-chlorians.*\n
    \n
    Like no fucking shit we would have no knowledge of something if there was NO LIFE numbnuts.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1705723697 {#2037
    date: 2024-01-20 05:08:17.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@ekZepp@lemmy.world"
    "@steakmeout@lemmy.world"
    "@Veneroso@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2076 …}
  +nested: Doctrine\ORM\PersistentCollection {#2083 …}
  +votes: Doctrine\ORM\PersistentCollection {#2085 …}
  +reports: Doctrine\ORM\PersistentCollection {#2062 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2077 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2063 …}
  -id: 324838
  -bodyTs: "'babi':11 'chlorian':9,22,38 'darth':12 'describ':6 'dumbest':16 'ever':18 'fuck':41 'gon':5 'knowledg':33,47 'life':27,54 'like':39 'line':2 'midi':8,21,37 'midi-chlorian':7,20,36 'numbnut':55 'qui':4 'shit':17,42 'someth':49 'vader':13 'without':19 'would':24,30,44"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6840357"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705723697 {#2144
    date: 2024-01-20 05:08:17.0 +01:00
  }
  +"title": 324838
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2075
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#2061
    +user: Proxies\__CG__\App\Entity\User {#2189 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
    +image: Proxies\__CG__\App\Entity\Image {#2211 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
    +slug: "Not-Sparks"
    +title: "Not Sparks."
    +url: "https://lemmy.world/pictrs/image/ec3ea08a-a728-44cc-9cd6-bc91cdfa1d1b.jpeg"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 149
    +favouriteCount: 381
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1727735026 {#2064
      date: 2024-10-01 00:23:46.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2233 …}
    +votes: Doctrine\ORM\PersistentCollection {#2240 …}
    +reports: Doctrine\ORM\PersistentCollection {#2235 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2155 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2142 …}
    +badges: Doctrine\ORM\PersistentCollection {#2185 …}
    +children: [
      App\Entity\EntryComment {#2075}
    ]
    -id: 31489
    -titleTs: "'spark':2"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705672395
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10867466"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705585995 {#2221
      date: 2024-01-18 14:53:15.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2084 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2078 …}
  +body: """
    The line when Qui Gon describes midi-chlorians to baby Darth Vader is the dumbest shit ever:\n
    \n
    > Without midi-chlorians there would be no life *and we would have no knowledge of the midi-chlorians.*\n
    \n
    Like no fucking shit we would have no knowledge of something if there was NO LIFE numbnuts.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1705723697 {#2037
    date: 2024-01-20 05:08:17.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@ekZepp@lemmy.world"
    "@steakmeout@lemmy.world"
    "@Veneroso@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2076 …}
  +nested: Doctrine\ORM\PersistentCollection {#2083 …}
  +votes: Doctrine\ORM\PersistentCollection {#2085 …}
  +reports: Doctrine\ORM\PersistentCollection {#2062 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2077 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2063 …}
  -id: 324838
  -bodyTs: "'babi':11 'chlorian':9,22,38 'darth':12 'describ':6 'dumbest':16 'ever':18 'fuck':41 'gon':5 'knowledg':33,47 'life':27,54 'like':39 'line':2 'midi':8,21,37 'midi-chlorian':7,20,36 'numbnut':55 'qui':4 'shit':17,42 'someth':49 'vader':13 'without':19 'would':24,30,44"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6840357"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705723697 {#2144
    date: 2024-01-20 05:08:17.0 +01:00
  }
  +"title": 324838
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2075
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#2061
    +user: Proxies\__CG__\App\Entity\User {#2189 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
    +image: Proxies\__CG__\App\Entity\Image {#2211 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
    +slug: "Not-Sparks"
    +title: "Not Sparks."
    +url: "https://lemmy.world/pictrs/image/ec3ea08a-a728-44cc-9cd6-bc91cdfa1d1b.jpeg"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 149
    +favouriteCount: 381
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1727735026 {#2064
      date: 2024-10-01 00:23:46.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2233 …}
    +votes: Doctrine\ORM\PersistentCollection {#2240 …}
    +reports: Doctrine\ORM\PersistentCollection {#2235 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2155 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2142 …}
    +badges: Doctrine\ORM\PersistentCollection {#2185 …}
    +children: [
      App\Entity\EntryComment {#2075}
    ]
    -id: 31489
    -titleTs: "'spark':2"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705672395
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10867466"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705585995 {#2221
      date: 2024-01-18 14:53:15.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2079 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2084 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2078 …}
  +body: """
    The line when Qui Gon describes midi-chlorians to baby Darth Vader is the dumbest shit ever:\n
    \n
    > Without midi-chlorians there would be no life *and we would have no knowledge of the midi-chlorians.*\n
    \n
    Like no fucking shit we would have no knowledge of something if there was NO LIFE numbnuts.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 7
  +score: 0
  +lastActive: DateTime @1705723697 {#2037
    date: 2024-01-20 05:08:17.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@ekZepp@lemmy.world"
    "@steakmeout@lemmy.world"
    "@Veneroso@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2076 …}
  +nested: Doctrine\ORM\PersistentCollection {#2083 …}
  +votes: Doctrine\ORM\PersistentCollection {#2085 …}
  +reports: Doctrine\ORM\PersistentCollection {#2062 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2077 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2063 …}
  -id: 324838
  -bodyTs: "'babi':11 'chlorian':9,22,38 'darth':12 'describ':6 'dumbest':16 'ever':18 'fuck':41 'gon':5 'knowledg':33,47 'life':27,54 'like':39 'line':2 'midi':8,21,37 'midi-chlorian':7,20,36 'numbnut':55 'qui':4 'shit':17,42 'someth':49 'vader':13 'without':19 'would':24,30,44"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6840357"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705723697 {#2144
    date: 2024-01-20 05:08:17.0 +01:00
  }
  +"title": 324838
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#2022
  +user: Proxies\__CG__\App\Entity\User {#2297 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
  +image: Proxies\__CG__\App\Entity\Image {#2179 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
  +slug: "Mama-Mia"
  +title: "Mama Mia."
  +url: "https://lemmy.world/pictrs/image/4f191077-12cb-4af4-aa92-989b4135110a.jpeg"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 8
  +favouriteCount: 157
  +score: 0
  +isAdult: true
  +sticky: false
  +lastActive: DateTime @1721453297 {#2148
    date: 2024-07-20 07:28:17.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2181 …}
  +votes: Doctrine\ORM\PersistentCollection {#2174 …}
  +reports: Doctrine\ORM\PersistentCollection {#2170 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2184 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2169 …}
  +badges: Doctrine\ORM\PersistentCollection {#2134 …}
  +children: [
    App\Entity\EntryComment {#2024
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#2022 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
      +body: "You did better than me. Every way I slice it, the set of circumstances required to get there are a lot fucked up."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1705034378 {#2032
        date: 2024-01-12 05:39:38.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@STRIKINGdebate2@lemmy.world"
        "@21Cabbage@lemmynsfw.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2011 …}
      +nested: Doctrine\ORM\PersistentCollection {#2021 …}
      +votes: Doctrine\ORM\PersistentCollection {#2029 …}
      +reports: Doctrine\ORM\PersistentCollection {#2020 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2027 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2031 …}
      -id: 300985
      -bodyTs: "'better':3 'circumst':14 'everi':6 'fuck':22 'get':17 'lot':21 'requir':15 'set':12 'slice':9 'way':7"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6602956"
      +editedAt: null
      +createdAt: DateTimeImmutable @1705034378 {#2026
        date: 2024-01-12 05:39:38.0 +01:00
      }
      +"title": 300985
    }
  ]
  -id: 29121
  -titleTs: "'mama':1 'mia':2"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705091075
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10588689"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705004675 {#2199
    date: 2024-01-11 21:24:35.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#2022
  +user: Proxies\__CG__\App\Entity\User {#2297 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
  +image: Proxies\__CG__\App\Entity\Image {#2179 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
  +slug: "Mama-Mia"
  +title: "Mama Mia."
  +url: "https://lemmy.world/pictrs/image/4f191077-12cb-4af4-aa92-989b4135110a.jpeg"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 8
  +favouriteCount: 157
  +score: 0
  +isAdult: true
  +sticky: false
  +lastActive: DateTime @1721453297 {#2148
    date: 2024-07-20 07:28:17.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2181 …}
  +votes: Doctrine\ORM\PersistentCollection {#2174 …}
  +reports: Doctrine\ORM\PersistentCollection {#2170 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2184 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2169 …}
  +badges: Doctrine\ORM\PersistentCollection {#2134 …}
  +children: [
    App\Entity\EntryComment {#2024
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#2022 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
      +body: "You did better than me. Every way I slice it, the set of circumstances required to get there are a lot fucked up."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1705034378 {#2032
        date: 2024-01-12 05:39:38.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@STRIKINGdebate2@lemmy.world"
        "@21Cabbage@lemmynsfw.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2011 …}
      +nested: Doctrine\ORM\PersistentCollection {#2021 …}
      +votes: Doctrine\ORM\PersistentCollection {#2029 …}
      +reports: Doctrine\ORM\PersistentCollection {#2020 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2027 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2031 …}
      -id: 300985
      -bodyTs: "'better':3 'circumst':14 'everi':6 'fuck':22 'get':17 'lot':21 'requir':15 'set':12 'slice':9 'way':7"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6602956"
      +editedAt: null
      +createdAt: DateTimeImmutable @1705034378 {#2026
        date: 2024-01-12 05:39:38.0 +01:00
      }
      +"title": 300985
    }
  ]
  -id: 29121
  -titleTs: "'mama':1 'mia':2"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705091075
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10588689"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705004675 {#2199
    date: 2024-01-11 21:24:35.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#2022
  +user: Proxies\__CG__\App\Entity\User {#2297 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
  +image: Proxies\__CG__\App\Entity\Image {#2179 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
  +slug: "Mama-Mia"
  +title: "Mama Mia."
  +url: "https://lemmy.world/pictrs/image/4f191077-12cb-4af4-aa92-989b4135110a.jpeg"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 8
  +favouriteCount: 157
  +score: 0
  +isAdult: true
  +sticky: false
  +lastActive: DateTime @1721453297 {#2148
    date: 2024-07-20 07:28:17.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2181 …}
  +votes: Doctrine\ORM\PersistentCollection {#2174 …}
  +reports: Doctrine\ORM\PersistentCollection {#2170 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2184 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2169 …}
  +badges: Doctrine\ORM\PersistentCollection {#2134 …}
  +children: [
    App\Entity\EntryComment {#2024
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#2022 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
      +body: "You did better than me. Every way I slice it, the set of circumstances required to get there are a lot fucked up."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 4
      +score: 0
      +lastActive: DateTime @1705034378 {#2032
        date: 2024-01-12 05:39:38.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@STRIKINGdebate2@lemmy.world"
        "@21Cabbage@lemmynsfw.com"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2011 …}
      +nested: Doctrine\ORM\PersistentCollection {#2021 …}
      +votes: Doctrine\ORM\PersistentCollection {#2029 …}
      +reports: Doctrine\ORM\PersistentCollection {#2020 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2027 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2031 …}
      -id: 300985
      -bodyTs: "'better':3 'circumst':14 'everi':6 'fuck':22 'get':17 'lot':21 'requir':15 'set':12 'slice':9 'way':7"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/6602956"
      +editedAt: null
      +createdAt: DateTimeImmutable @1705034378 {#2026
        date: 2024-01-12 05:39:38.0 +01:00
      }
      +"title": 300985
    }
  ]
  -id: 29121
  -titleTs: "'mama':1 'mia':2"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1705091075
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/10588689"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705004675 {#2199
    date: 2024-01-11 21:24:35.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2024
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#2022
    +user: Proxies\__CG__\App\Entity\User {#2297 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
    +image: Proxies\__CG__\App\Entity\Image {#2179 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
    +slug: "Mama-Mia"
    +title: "Mama Mia."
    +url: "https://lemmy.world/pictrs/image/4f191077-12cb-4af4-aa92-989b4135110a.jpeg"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 8
    +favouriteCount: 157
    +score: 0
    +isAdult: true
    +sticky: false
    +lastActive: DateTime @1721453297 {#2148
      date: 2024-07-20 07:28:17.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2181 …}
    +votes: Doctrine\ORM\PersistentCollection {#2174 …}
    +reports: Doctrine\ORM\PersistentCollection {#2170 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2184 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2169 …}
    +badges: Doctrine\ORM\PersistentCollection {#2134 …}
    +children: [
      App\Entity\EntryComment {#2024}
    ]
    -id: 29121
    -titleTs: "'mama':1 'mia':2"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705091075
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10588689"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705004675 {#2199
      date: 2024-01-11 21:24:35.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
  +body: "You did better than me. Every way I slice it, the set of circumstances required to get there are a lot fucked up."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1705034378 {#2032
    date: 2024-01-12 05:39:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@STRIKINGdebate2@lemmy.world"
    "@21Cabbage@lemmynsfw.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2011 …}
  +nested: Doctrine\ORM\PersistentCollection {#2021 …}
  +votes: Doctrine\ORM\PersistentCollection {#2029 …}
  +reports: Doctrine\ORM\PersistentCollection {#2020 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2027 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2031 …}
  -id: 300985
  -bodyTs: "'better':3 'circumst':14 'everi':6 'fuck':22 'get':17 'lot':21 'requir':15 'set':12 'slice':9 'way':7"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6602956"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705034378 {#2026
    date: 2024-01-12 05:39:38.0 +01:00
  }
  +"title": 300985
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2024
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#2022
    +user: Proxies\__CG__\App\Entity\User {#2297 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
    +image: Proxies\__CG__\App\Entity\Image {#2179 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
    +slug: "Mama-Mia"
    +title: "Mama Mia."
    +url: "https://lemmy.world/pictrs/image/4f191077-12cb-4af4-aa92-989b4135110a.jpeg"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 8
    +favouriteCount: 157
    +score: 0
    +isAdult: true
    +sticky: false
    +lastActive: DateTime @1721453297 {#2148
      date: 2024-07-20 07:28:17.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2181 …}
    +votes: Doctrine\ORM\PersistentCollection {#2174 …}
    +reports: Doctrine\ORM\PersistentCollection {#2170 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2184 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2169 …}
    +badges: Doctrine\ORM\PersistentCollection {#2134 …}
    +children: [
      App\Entity\EntryComment {#2024}
    ]
    -id: 29121
    -titleTs: "'mama':1 'mia':2"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705091075
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10588689"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705004675 {#2199
      date: 2024-01-11 21:24:35.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
  +body: "You did better than me. Every way I slice it, the set of circumstances required to get there are a lot fucked up."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1705034378 {#2032
    date: 2024-01-12 05:39:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@STRIKINGdebate2@lemmy.world"
    "@21Cabbage@lemmynsfw.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2011 …}
  +nested: Doctrine\ORM\PersistentCollection {#2021 …}
  +votes: Doctrine\ORM\PersistentCollection {#2029 …}
  +reports: Doctrine\ORM\PersistentCollection {#2020 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2027 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2031 …}
  -id: 300985
  -bodyTs: "'better':3 'circumst':14 'everi':6 'fuck':22 'get':17 'lot':21 'requir':15 'set':12 'slice':9 'way':7"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6602956"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705034378 {#2026
    date: 2024-01-12 05:39:38.0 +01:00
  }
  +"title": 300985
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2024
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#2022
    +user: Proxies\__CG__\App\Entity\User {#2297 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
    +image: Proxies\__CG__\App\Entity\Image {#2179 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2226 …}
    +slug: "Mama-Mia"
    +title: "Mama Mia."
    +url: "https://lemmy.world/pictrs/image/4f191077-12cb-4af4-aa92-989b4135110a.jpeg"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 8
    +favouriteCount: 157
    +score: 0
    +isAdult: true
    +sticky: false
    +lastActive: DateTime @1721453297 {#2148
      date: 2024-07-20 07:28:17.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2181 …}
    +votes: Doctrine\ORM\PersistentCollection {#2174 …}
    +reports: Doctrine\ORM\PersistentCollection {#2170 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2184 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2169 …}
    +badges: Doctrine\ORM\PersistentCollection {#2134 …}
    +children: [
      App\Entity\EntryComment {#2024}
    ]
    -id: 29121
    -titleTs: "'mama':1 'mia':2"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1705091075
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/10588689"
    +editedAt: null
    +createdAt: DateTimeImmutable @1705004675 {#2199
      date: 2024-01-11 21:24:35.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#2018 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2025 …}
  +body: "You did better than me. Every way I slice it, the set of circumstances required to get there are a lot fucked up."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 4
  +score: 0
  +lastActive: DateTime @1705034378 {#2032
    date: 2024-01-12 05:39:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@STRIKINGdebate2@lemmy.world"
    "@21Cabbage@lemmynsfw.com"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2011 …}
  +nested: Doctrine\ORM\PersistentCollection {#2021 …}
  +votes: Doctrine\ORM\PersistentCollection {#2029 …}
  +reports: Doctrine\ORM\PersistentCollection {#2020 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2027 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2031 …}
  -id: 300985
  -bodyTs: "'better':3 'circumst':14 'everi':6 'fuck':22 'get':17 'lot':21 'requir':15 'set':12 'slice':9 'way':7"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/6602956"
  +editedAt: null
  +createdAt: DateTimeImmutable @1705034378 {#2026
    date: 2024-01-12 05:39:38.0 +01:00
  }
  +"title": 300985
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1381
  +user: Proxies\__CG__\App\Entity\User {#2219 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
  +image: Proxies\__CG__\App\Entity\Image {#2006 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#1997 …}
  +slug: "We-don-t-judge-here"
  +title: "We don't judge here. :)"
  +url: "https://mander.xyz/pictrs/image/67cf3c62-01e9-4cc7-9e83-7b33c7fdeb97.webp"
  +body: null
  +type: "link"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 96
  +favouriteCount: 1030
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1700212968 {#1985
    date: 2023-11-17 10:22:48.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1993 …}
  +votes: Doctrine\ORM\PersistentCollection {#1992 …}
  +reports: Doctrine\ORM\PersistentCollection {#2002 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2000 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2007 …}
  +badges: Doctrine\ORM\PersistentCollection {#1990 …}
  +children: [
    App\Entity\EntryComment {#1384
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1381 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
      +body: "I think the word you’re looking for is physicist. A physician is a medical doctor (as in a person that treats sick people). A physicist is a person that studies physics (as in a person that knows how to solve word problems involving pool tables)."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 28
      +score: 0
      +lastActive: DateTime @1700098014 {#2395
        date: 2023-11-16 02:26:54.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@fossilesque@mander.xyz"
        "@BastingChemina@slrpnk.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1405 …}
      +nested: Doctrine\ORM\PersistentCollection {#1382 …}
      +votes: Doctrine\ORM\PersistentCollection {#1404 …}
      +reports: Doctrine\ORM\PersistentCollection {#1361 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1403 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2023 …}
      -id: 128659
      -bodyTs: "'doctor':16 'involv':44 'know':38 'look':7 'medic':15 'peopl':24 'person':20,29,36 'physic':32 'physician':12 'physicist':10,26 'pool':45 'problem':43 're':6 'sick':23 'solv':41 'studi':31 'tabl':46 'think':2 'treat':22 'word':4,42"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/5345160"
      +editedAt: null
      +createdAt: DateTimeImmutable @1700098014 {#2393
        date: 2023-11-16 02:26:54.0 +01:00
      }
      +"title": 128659
    }
  ]
  -id: 13326
  -titleTs: "'judg':4"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1700162031
  +visibility: "visible             "
  +apId: "https://mander.xyz/post/6210420"
  +editedAt: null
  +createdAt: DateTimeImmutable @1700075631 {#2171
    date: 2023-11-15 20:13:51.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1381
  +user: Proxies\__CG__\App\Entity\User {#2219 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
  +image: Proxies\__CG__\App\Entity\Image {#2006 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#1997 …}
  +slug: "We-don-t-judge-here"
  +title: "We don't judge here. :)"
  +url: "https://mander.xyz/pictrs/image/67cf3c62-01e9-4cc7-9e83-7b33c7fdeb97.webp"
  +body: null
  +type: "link"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 96
  +favouriteCount: 1030
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1700212968 {#1985
    date: 2023-11-17 10:22:48.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1993 …}
  +votes: Doctrine\ORM\PersistentCollection {#1992 …}
  +reports: Doctrine\ORM\PersistentCollection {#2002 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2000 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2007 …}
  +badges: Doctrine\ORM\PersistentCollection {#1990 …}
  +children: [
    App\Entity\EntryComment {#1384
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1381 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
      +body: "I think the word you’re looking for is physicist. A physician is a medical doctor (as in a person that treats sick people). A physicist is a person that studies physics (as in a person that knows how to solve word problems involving pool tables)."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 28
      +score: 0
      +lastActive: DateTime @1700098014 {#2395
        date: 2023-11-16 02:26:54.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@fossilesque@mander.xyz"
        "@BastingChemina@slrpnk.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1405 …}
      +nested: Doctrine\ORM\PersistentCollection {#1382 …}
      +votes: Doctrine\ORM\PersistentCollection {#1404 …}
      +reports: Doctrine\ORM\PersistentCollection {#1361 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1403 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2023 …}
      -id: 128659
      -bodyTs: "'doctor':16 'involv':44 'know':38 'look':7 'medic':15 'peopl':24 'person':20,29,36 'physic':32 'physician':12 'physicist':10,26 'pool':45 'problem':43 're':6 'sick':23 'solv':41 'studi':31 'tabl':46 'think':2 'treat':22 'word':4,42"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/5345160"
      +editedAt: null
      +createdAt: DateTimeImmutable @1700098014 {#2393
        date: 2023-11-16 02:26:54.0 +01:00
      }
      +"title": 128659
    }
  ]
  -id: 13326
  -titleTs: "'judg':4"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1700162031
  +visibility: "visible             "
  +apId: "https://mander.xyz/post/6210420"
  +editedAt: null
  +createdAt: DateTimeImmutable @1700075631 {#2171
    date: 2023-11-15 20:13:51.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1381
  +user: Proxies\__CG__\App\Entity\User {#2219 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
  +image: Proxies\__CG__\App\Entity\Image {#2006 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#1997 …}
  +slug: "We-don-t-judge-here"
  +title: "We don't judge here. :)"
  +url: "https://mander.xyz/pictrs/image/67cf3c62-01e9-4cc7-9e83-7b33c7fdeb97.webp"
  +body: null
  +type: "link"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 96
  +favouriteCount: 1030
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1700212968 {#1985
    date: 2023-11-17 10:22:48.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1993 …}
  +votes: Doctrine\ORM\PersistentCollection {#1992 …}
  +reports: Doctrine\ORM\PersistentCollection {#2002 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2000 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2007 …}
  +badges: Doctrine\ORM\PersistentCollection {#1990 …}
  +children: [
    App\Entity\EntryComment {#1384
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1381 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
      +body: "I think the word you’re looking for is physicist. A physician is a medical doctor (as in a person that treats sick people). A physicist is a person that studies physics (as in a person that knows how to solve word problems involving pool tables)."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 28
      +score: 0
      +lastActive: DateTime @1700098014 {#2395
        date: 2023-11-16 02:26:54.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@fossilesque@mander.xyz"
        "@BastingChemina@slrpnk.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1405 …}
      +nested: Doctrine\ORM\PersistentCollection {#1382 …}
      +votes: Doctrine\ORM\PersistentCollection {#1404 …}
      +reports: Doctrine\ORM\PersistentCollection {#1361 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1403 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2023 …}
      -id: 128659
      -bodyTs: "'doctor':16 'involv':44 'know':38 'look':7 'medic':15 'peopl':24 'person':20,29,36 'physic':32 'physician':12 'physicist':10,26 'pool':45 'problem':43 're':6 'sick':23 'solv':41 'studi':31 'tabl':46 'think':2 'treat':22 'word':4,42"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/5345160"
      +editedAt: null
      +createdAt: DateTimeImmutable @1700098014 {#2393
        date: 2023-11-16 02:26:54.0 +01:00
      }
      +"title": 128659
    }
  ]
  -id: 13326
  -titleTs: "'judg':4"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1700162031
  +visibility: "visible             "
  +apId: "https://mander.xyz/post/6210420"
  +editedAt: null
  +createdAt: DateTimeImmutable @1700075631 {#2171
    date: 2023-11-15 20:13:51.0 +01:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1384
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1381
    +user: Proxies\__CG__\App\Entity\User {#2219 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
    +image: Proxies\__CG__\App\Entity\Image {#2006 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#1997 …}
    +slug: "We-don-t-judge-here"
    +title: "We don't judge here. :)"
    +url: "https://mander.xyz/pictrs/image/67cf3c62-01e9-4cc7-9e83-7b33c7fdeb97.webp"
    +body: null
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 96
    +favouriteCount: 1030
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700212968 {#1985
      date: 2023-11-17 10:22:48.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1993 …}
    +votes: Doctrine\ORM\PersistentCollection {#1992 …}
    +reports: Doctrine\ORM\PersistentCollection {#2002 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2000 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2007 …}
    +badges: Doctrine\ORM\PersistentCollection {#1990 …}
    +children: [
      App\Entity\EntryComment {#1384}
    ]
    -id: 13326
    -titleTs: "'judg':4"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700162031
    +visibility: "visible             "
    +apId: "https://mander.xyz/post/6210420"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700075631 {#2171
      date: 2023-11-15 20:13:51.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
  +body: "I think the word you’re looking for is physicist. A physician is a medical doctor (as in a person that treats sick people). A physicist is a person that studies physics (as in a person that knows how to solve word problems involving pool tables)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 28
  +score: 0
  +lastActive: DateTime @1700098014 {#2395
    date: 2023-11-16 02:26:54.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@fossilesque@mander.xyz"
    "@BastingChemina@slrpnk.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1405 …}
  +nested: Doctrine\ORM\PersistentCollection {#1382 …}
  +votes: Doctrine\ORM\PersistentCollection {#1404 …}
  +reports: Doctrine\ORM\PersistentCollection {#1361 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1403 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2023 …}
  -id: 128659
  -bodyTs: "'doctor':16 'involv':44 'know':38 'look':7 'medic':15 'peopl':24 'person':20,29,36 'physic':32 'physician':12 'physicist':10,26 'pool':45 'problem':43 're':6 'sick':23 'solv':41 'studi':31 'tabl':46 'think':2 'treat':22 'word':4,42"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/5345160"
  +editedAt: null
  +createdAt: DateTimeImmutable @1700098014 {#2393
    date: 2023-11-16 02:26:54.0 +01:00
  }
  +"title": 128659
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1384
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1381
    +user: Proxies\__CG__\App\Entity\User {#2219 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
    +image: Proxies\__CG__\App\Entity\Image {#2006 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#1997 …}
    +slug: "We-don-t-judge-here"
    +title: "We don't judge here. :)"
    +url: "https://mander.xyz/pictrs/image/67cf3c62-01e9-4cc7-9e83-7b33c7fdeb97.webp"
    +body: null
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 96
    +favouriteCount: 1030
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700212968 {#1985
      date: 2023-11-17 10:22:48.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1993 …}
    +votes: Doctrine\ORM\PersistentCollection {#1992 …}
    +reports: Doctrine\ORM\PersistentCollection {#2002 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2000 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2007 …}
    +badges: Doctrine\ORM\PersistentCollection {#1990 …}
    +children: [
      App\Entity\EntryComment {#1384}
    ]
    -id: 13326
    -titleTs: "'judg':4"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700162031
    +visibility: "visible             "
    +apId: "https://mander.xyz/post/6210420"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700075631 {#2171
      date: 2023-11-15 20:13:51.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
  +body: "I think the word you’re looking for is physicist. A physician is a medical doctor (as in a person that treats sick people). A physicist is a person that studies physics (as in a person that knows how to solve word problems involving pool tables)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 28
  +score: 0
  +lastActive: DateTime @1700098014 {#2395
    date: 2023-11-16 02:26:54.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@fossilesque@mander.xyz"
    "@BastingChemina@slrpnk.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1405 …}
  +nested: Doctrine\ORM\PersistentCollection {#1382 …}
  +votes: Doctrine\ORM\PersistentCollection {#1404 …}
  +reports: Doctrine\ORM\PersistentCollection {#1361 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1403 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2023 …}
  -id: 128659
  -bodyTs: "'doctor':16 'involv':44 'know':38 'look':7 'medic':15 'peopl':24 'person':20,29,36 'physic':32 'physician':12 'physicist':10,26 'pool':45 'problem':43 're':6 'sick':23 'solv':41 'studi':31 'tabl':46 'think':2 'treat':22 'word':4,42"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/5345160"
  +editedAt: null
  +createdAt: DateTimeImmutable @1700098014 {#2393
    date: 2023-11-16 02:26:54.0 +01:00
  }
  +"title": 128659
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1384
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1381
    +user: Proxies\__CG__\App\Entity\User {#2219 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
    +image: Proxies\__CG__\App\Entity\Image {#2006 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#1997 …}
    +slug: "We-don-t-judge-here"
    +title: "We don't judge here. :)"
    +url: "https://mander.xyz/pictrs/image/67cf3c62-01e9-4cc7-9e83-7b33c7fdeb97.webp"
    +body: null
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 96
    +favouriteCount: 1030
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700212968 {#1985
      date: 2023-11-17 10:22:48.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1993 …}
    +votes: Doctrine\ORM\PersistentCollection {#1992 …}
    +reports: Doctrine\ORM\PersistentCollection {#2002 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2000 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2007 …}
    +badges: Doctrine\ORM\PersistentCollection {#1990 …}
    +children: [
      App\Entity\EntryComment {#1384}
    ]
    -id: 13326
    -titleTs: "'judg':4"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700162031
    +visibility: "visible             "
    +apId: "https://mander.xyz/post/6210420"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700075631 {#2171
      date: 2023-11-15 20:13:51.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1383 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1402 …}
  +body: "I think the word you’re looking for is physicist. A physician is a medical doctor (as in a person that treats sick people). A physicist is a person that studies physics (as in a person that knows how to solve word problems involving pool tables)."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 28
  +score: 0
  +lastActive: DateTime @1700098014 {#2395
    date: 2023-11-16 02:26:54.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@fossilesque@mander.xyz"
    "@BastingChemina@slrpnk.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1405 …}
  +nested: Doctrine\ORM\PersistentCollection {#1382 …}
  +votes: Doctrine\ORM\PersistentCollection {#1404 …}
  +reports: Doctrine\ORM\PersistentCollection {#1361 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1403 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2023 …}
  -id: 128659
  -bodyTs: "'doctor':16 'involv':44 'know':38 'look':7 'medic':15 'peopl':24 'person':20,29,36 'physic':32 'physician':12 'physicist':10,26 'pool':45 'problem':43 're':6 'sick':23 'solv':41 'studi':31 'tabl':46 'think':2 'treat':22 'word':4,42"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/5345160"
  +editedAt: null
  +createdAt: DateTimeImmutable @1700098014 {#2393
    date: 2023-11-16 02:26:54.0 +01:00
  }
  +"title": 128659
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1906
  +user: Proxies\__CG__\App\Entity\User {#2173 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
  +image: Proxies\__CG__\App\Entity\Image {#2015 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2008 …}
  +slug: "Autocomplete-by-Zach-Weinersmith"
  +title: ""Autocomplete" by Zach Weinersmith"
  +url: "https://files.mastodon.social/media_attachments/files/111/313/326/070/534/726/original/38ef4380765f9d67.png"
  +body: """
    @ZachWeinersmith@mastodon.social\n
    \n
    [source (Mastodon)](https://mastodon.social/@ZachWeinersmith/111313326393156519)
    """
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 41
  +favouriteCount: 683
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1698629252 {#2010
    date: 2023-10-30 02:27:32.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: [
    "@ZachWeinersmith@mastodon.social"
  ]
  +comments: Doctrine\ORM\PersistentCollection {#1984 …}
  +votes: Doctrine\ORM\PersistentCollection {#1981 …}
  +reports: Doctrine\ORM\PersistentCollection {#1982 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1980 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2375 …}
  +badges: Doctrine\ORM\PersistentCollection {#2374 …}
  +children: [
    App\Entity\EntryComment {#1910
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1906 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1708 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1926 …}
      +body: """
        You’re using the triune model to draw some rather lofty conclusions that aren’t really up to date with our understanding of neurology. It’s way over simplified and doesn’t really work that way. More recent studies suggest that the neocortex was already present in even the earliest mammals, so it’s not quite as straightforward and the demarcation isn’t quite as clear cut, as you seem to be presenting it. “Old brain” doesn’t “take over” in the way you’re presenting it either but appears to act as a primary driver for those basic functions.\n
        \n
        Not sure how to even tackle the loftly conclusions you’ve made because the don’t seem to be built on a solid foundation. I think things might be quite a bit more interesting, and wildly more complex, then you seem to be presenting it. I’ll just leave some sources below with a quick note. Not trying to be condescending, or rude, just a topic that is a bit interesting, and a lot of people tend to draw some lofty conclusions from the triune model which has largely fallen by the wayside in neurology.\n
        \n
        Read the wiki to see how the model was developed: [en.m.wikipedia.org/wiki/Triune_brain](https://en.m.wikipedia.org/wiki/Triune_brain)\n
        \n
        A quick introduction to why it was important but has shown to be overly simplified and mostly incorrect: […yale.edu/…/a-theory-abandoned-but-still-compelli…](https://medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)\n
        \n
        Further details into how we don’t have a “lizard brain”: [thebrainscientist.com/…/you-dont-have-a-lizard-br…](https://thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)\n
        \n
        Deacon’s paper on rethinking the mammalian brain: [researchgate.net/…/31439318_Rethinking_Mammalian_…](https://www.researchgate.net/publication/31439318_Rethinking_Mammalian_Brain_Evolution)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698601185 {#2381
        date: 2023-10-29 18:39:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@ZachWeinersmith@mastodon.social"
        "@Masimatutu@lemm.ee"
        "@FaceDeer@kbin.social"
        "@DarkenLM@kbin.social"
        "@skulblaka@kbin.social"
        "@enki@lemm.ee"
        "@intensely_human@lemm.ee"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1410 …}
      +nested: Doctrine\ORM\PersistentCollection {#1907 …}
      +votes: Doctrine\ORM\PersistentCollection {#1407 …}
      +reports: Doctrine\ORM\PersistentCollection {#2391 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2369 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2392 …}
      -id: 78608
      -bodyTs: "'/2018/04/11/you-dont-have-a-lizard-brain/)':247 '/31439318_rethinking_mammalian_':257 '/a-theory-abandoned-but-still-compelli':228 '/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':231 '/publication/31439318_rethinking_mammalian_brain_evolution)':260 '/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':208 '/you-dont-have-a-lizard-br':244 'act':92 'alreadi':45 'appear':90 'aren':14 'basic':99 'bit':132,170 'brain':76,242,255 'built':120 'clear':66 'complex':138 'conclus':12,109,182 'condescend':161 'cut':67 'date':19 'deacon':248 'demarc':61 'detail':233 'develop':205 'doesn':31,77 'draw':8,179 'driver':96 'earliest':50 'either':88 'en.m.wikipedia.org':207 'en.m.wikipedia.org/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':206 'even':48,105 'fallen':190 'foundat':124 'function':100 'import':216 'incorrect':226 'interest':134,171 'introduct':211 'isn':62 'larg':189 'leav':149 'lizard':241 'll':147 'loft':108 'lofti':11,181 'lot':174 'made':112 'mammal':51 'mammalian':254 'medicine.yale.edu':230 'medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':229 'might':128 'model':6,186,203 'most':225 'neocortex':43 'neurolog':24,195 'note':156 'old':75 'over':222 'paper':250 'peopl':176 'present':46,73,86,144 'primari':95 'quick':155,210 'quit':56,64,130 'rather':10 're':2,85 'read':196 'realli':16,33 'recent':38 'researchgate.net':256 'rethink':252 'rude':163 'see':200 'seem':70,117,141 'shown':219 'simplifi':29,223 'solid':123 'sourc':151 'straightforward':58 'studi':39 'suggest':40 'sure':102 'tackl':106 'take':79 'tend':177 'thebrainscientist.com':243,246 'thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)':245 'thing':127 'think':126 'topic':166 'tri':158 'triun':5,185 'understand':22 'use':3 've':111 'way':27,36,83 'waysid':193 'wiki':198 'wild':136 'work':34 'www.researchgate.net':259 'www.researchgate.net/publication/31439318_rethinking_mammalian_brain_evolution)':258 'yale.edu':227"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4913878"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698601185 {#2383
        date: 2023-10-29 18:39:45.0 +01:00
      }
      +"title": 78608
    }
  ]
  -id: 8191
  -titleTs: "'autocomplet':1 'weinersmith':4 'zach':3"
  -bodyTs: "'/@zachweinersmith/111313326393156519)':6 'mastodon':3 'mastodon.social':5 'mastodon.social/@zachweinersmith/111313326393156519)':4 'sourc':2 'zachweinersmith@mastodon.social':1"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1698596703
  +visibility: "visible             "
  +apId: "https://lemm.ee/post/13058587"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698510303 {#1996
    date: 2023-10-28 18:25:03.0 +02:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1906
  +user: Proxies\__CG__\App\Entity\User {#2173 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
  +image: Proxies\__CG__\App\Entity\Image {#2015 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2008 …}
  +slug: "Autocomplete-by-Zach-Weinersmith"
  +title: ""Autocomplete" by Zach Weinersmith"
  +url: "https://files.mastodon.social/media_attachments/files/111/313/326/070/534/726/original/38ef4380765f9d67.png"
  +body: """
    @ZachWeinersmith@mastodon.social\n
    \n
    [source (Mastodon)](https://mastodon.social/@ZachWeinersmith/111313326393156519)
    """
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 41
  +favouriteCount: 683
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1698629252 {#2010
    date: 2023-10-30 02:27:32.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: [
    "@ZachWeinersmith@mastodon.social"
  ]
  +comments: Doctrine\ORM\PersistentCollection {#1984 …}
  +votes: Doctrine\ORM\PersistentCollection {#1981 …}
  +reports: Doctrine\ORM\PersistentCollection {#1982 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1980 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2375 …}
  +badges: Doctrine\ORM\PersistentCollection {#2374 …}
  +children: [
    App\Entity\EntryComment {#1910
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1906 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1708 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1926 …}
      +body: """
        You’re using the triune model to draw some rather lofty conclusions that aren’t really up to date with our understanding of neurology. It’s way over simplified and doesn’t really work that way. More recent studies suggest that the neocortex was already present in even the earliest mammals, so it’s not quite as straightforward and the demarcation isn’t quite as clear cut, as you seem to be presenting it. “Old brain” doesn’t “take over” in the way you’re presenting it either but appears to act as a primary driver for those basic functions.\n
        \n
        Not sure how to even tackle the loftly conclusions you’ve made because the don’t seem to be built on a solid foundation. I think things might be quite a bit more interesting, and wildly more complex, then you seem to be presenting it. I’ll just leave some sources below with a quick note. Not trying to be condescending, or rude, just a topic that is a bit interesting, and a lot of people tend to draw some lofty conclusions from the triune model which has largely fallen by the wayside in neurology.\n
        \n
        Read the wiki to see how the model was developed: [en.m.wikipedia.org/wiki/Triune_brain](https://en.m.wikipedia.org/wiki/Triune_brain)\n
        \n
        A quick introduction to why it was important but has shown to be overly simplified and mostly incorrect: […yale.edu/…/a-theory-abandoned-but-still-compelli…](https://medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)\n
        \n
        Further details into how we don’t have a “lizard brain”: [thebrainscientist.com/…/you-dont-have-a-lizard-br…](https://thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)\n
        \n
        Deacon’s paper on rethinking the mammalian brain: [researchgate.net/…/31439318_Rethinking_Mammalian_…](https://www.researchgate.net/publication/31439318_Rethinking_Mammalian_Brain_Evolution)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698601185 {#2381
        date: 2023-10-29 18:39:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@ZachWeinersmith@mastodon.social"
        "@Masimatutu@lemm.ee"
        "@FaceDeer@kbin.social"
        "@DarkenLM@kbin.social"
        "@skulblaka@kbin.social"
        "@enki@lemm.ee"
        "@intensely_human@lemm.ee"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1410 …}
      +nested: Doctrine\ORM\PersistentCollection {#1907 …}
      +votes: Doctrine\ORM\PersistentCollection {#1407 …}
      +reports: Doctrine\ORM\PersistentCollection {#2391 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2369 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2392 …}
      -id: 78608
      -bodyTs: "'/2018/04/11/you-dont-have-a-lizard-brain/)':247 '/31439318_rethinking_mammalian_':257 '/a-theory-abandoned-but-still-compelli':228 '/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':231 '/publication/31439318_rethinking_mammalian_brain_evolution)':260 '/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':208 '/you-dont-have-a-lizard-br':244 'act':92 'alreadi':45 'appear':90 'aren':14 'basic':99 'bit':132,170 'brain':76,242,255 'built':120 'clear':66 'complex':138 'conclus':12,109,182 'condescend':161 'cut':67 'date':19 'deacon':248 'demarc':61 'detail':233 'develop':205 'doesn':31,77 'draw':8,179 'driver':96 'earliest':50 'either':88 'en.m.wikipedia.org':207 'en.m.wikipedia.org/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':206 'even':48,105 'fallen':190 'foundat':124 'function':100 'import':216 'incorrect':226 'interest':134,171 'introduct':211 'isn':62 'larg':189 'leav':149 'lizard':241 'll':147 'loft':108 'lofti':11,181 'lot':174 'made':112 'mammal':51 'mammalian':254 'medicine.yale.edu':230 'medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':229 'might':128 'model':6,186,203 'most':225 'neocortex':43 'neurolog':24,195 'note':156 'old':75 'over':222 'paper':250 'peopl':176 'present':46,73,86,144 'primari':95 'quick':155,210 'quit':56,64,130 'rather':10 're':2,85 'read':196 'realli':16,33 'recent':38 'researchgate.net':256 'rethink':252 'rude':163 'see':200 'seem':70,117,141 'shown':219 'simplifi':29,223 'solid':123 'sourc':151 'straightforward':58 'studi':39 'suggest':40 'sure':102 'tackl':106 'take':79 'tend':177 'thebrainscientist.com':243,246 'thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)':245 'thing':127 'think':126 'topic':166 'tri':158 'triun':5,185 'understand':22 'use':3 've':111 'way':27,36,83 'waysid':193 'wiki':198 'wild':136 'work':34 'www.researchgate.net':259 'www.researchgate.net/publication/31439318_rethinking_mammalian_brain_evolution)':258 'yale.edu':227"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4913878"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698601185 {#2383
        date: 2023-10-29 18:39:45.0 +01:00
      }
      +"title": 78608
    }
  ]
  -id: 8191
  -titleTs: "'autocomplet':1 'weinersmith':4 'zach':3"
  -bodyTs: "'/@zachweinersmith/111313326393156519)':6 'mastodon':3 'mastodon.social':5 'mastodon.social/@zachweinersmith/111313326393156519)':4 'sourc':2 'zachweinersmith@mastodon.social':1"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1698596703
  +visibility: "visible             "
  +apId: "https://lemm.ee/post/13058587"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698510303 {#1996
    date: 2023-10-28 18:25:03.0 +02:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1906
  +user: Proxies\__CG__\App\Entity\User {#2173 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
  +image: Proxies\__CG__\App\Entity\Image {#2015 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2008 …}
  +slug: "Autocomplete-by-Zach-Weinersmith"
  +title: ""Autocomplete" by Zach Weinersmith"
  +url: "https://files.mastodon.social/media_attachments/files/111/313/326/070/534/726/original/38ef4380765f9d67.png"
  +body: """
    @ZachWeinersmith@mastodon.social\n
    \n
    [source (Mastodon)](https://mastodon.social/@ZachWeinersmith/111313326393156519)
    """
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 41
  +favouriteCount: 683
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1698629252 {#2010
    date: 2023-10-30 02:27:32.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: [
    "@ZachWeinersmith@mastodon.social"
  ]
  +comments: Doctrine\ORM\PersistentCollection {#1984 …}
  +votes: Doctrine\ORM\PersistentCollection {#1981 …}
  +reports: Doctrine\ORM\PersistentCollection {#1982 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1980 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2375 …}
  +badges: Doctrine\ORM\PersistentCollection {#2374 …}
  +children: [
    App\Entity\EntryComment {#1910
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1906 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1708 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1926 …}
      +body: """
        You’re using the triune model to draw some rather lofty conclusions that aren’t really up to date with our understanding of neurology. It’s way over simplified and doesn’t really work that way. More recent studies suggest that the neocortex was already present in even the earliest mammals, so it’s not quite as straightforward and the demarcation isn’t quite as clear cut, as you seem to be presenting it. “Old brain” doesn’t “take over” in the way you’re presenting it either but appears to act as a primary driver for those basic functions.\n
        \n
        Not sure how to even tackle the loftly conclusions you’ve made because the don’t seem to be built on a solid foundation. I think things might be quite a bit more interesting, and wildly more complex, then you seem to be presenting it. I’ll just leave some sources below with a quick note. Not trying to be condescending, or rude, just a topic that is a bit interesting, and a lot of people tend to draw some lofty conclusions from the triune model which has largely fallen by the wayside in neurology.\n
        \n
        Read the wiki to see how the model was developed: [en.m.wikipedia.org/wiki/Triune_brain](https://en.m.wikipedia.org/wiki/Triune_brain)\n
        \n
        A quick introduction to why it was important but has shown to be overly simplified and mostly incorrect: […yale.edu/…/a-theory-abandoned-but-still-compelli…](https://medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)\n
        \n
        Further details into how we don’t have a “lizard brain”: [thebrainscientist.com/…/you-dont-have-a-lizard-br…](https://thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)\n
        \n
        Deacon’s paper on rethinking the mammalian brain: [researchgate.net/…/31439318_Rethinking_Mammalian_…](https://www.researchgate.net/publication/31439318_Rethinking_Mammalian_Brain_Evolution)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698601185 {#2381
        date: 2023-10-29 18:39:45.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@ZachWeinersmith@mastodon.social"
        "@Masimatutu@lemm.ee"
        "@FaceDeer@kbin.social"
        "@DarkenLM@kbin.social"
        "@skulblaka@kbin.social"
        "@enki@lemm.ee"
        "@intensely_human@lemm.ee"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1410 …}
      +nested: Doctrine\ORM\PersistentCollection {#1907 …}
      +votes: Doctrine\ORM\PersistentCollection {#1407 …}
      +reports: Doctrine\ORM\PersistentCollection {#2391 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2369 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2392 …}
      -id: 78608
      -bodyTs: "'/2018/04/11/you-dont-have-a-lizard-brain/)':247 '/31439318_rethinking_mammalian_':257 '/a-theory-abandoned-but-still-compelli':228 '/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':231 '/publication/31439318_rethinking_mammalian_brain_evolution)':260 '/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':208 '/you-dont-have-a-lizard-br':244 'act':92 'alreadi':45 'appear':90 'aren':14 'basic':99 'bit':132,170 'brain':76,242,255 'built':120 'clear':66 'complex':138 'conclus':12,109,182 'condescend':161 'cut':67 'date':19 'deacon':248 'demarc':61 'detail':233 'develop':205 'doesn':31,77 'draw':8,179 'driver':96 'earliest':50 'either':88 'en.m.wikipedia.org':207 'en.m.wikipedia.org/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':206 'even':48,105 'fallen':190 'foundat':124 'function':100 'import':216 'incorrect':226 'interest':134,171 'introduct':211 'isn':62 'larg':189 'leav':149 'lizard':241 'll':147 'loft':108 'lofti':11,181 'lot':174 'made':112 'mammal':51 'mammalian':254 'medicine.yale.edu':230 'medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':229 'might':128 'model':6,186,203 'most':225 'neocortex':43 'neurolog':24,195 'note':156 'old':75 'over':222 'paper':250 'peopl':176 'present':46,73,86,144 'primari':95 'quick':155,210 'quit':56,64,130 'rather':10 're':2,85 'read':196 'realli':16,33 'recent':38 'researchgate.net':256 'rethink':252 'rude':163 'see':200 'seem':70,117,141 'shown':219 'simplifi':29,223 'solid':123 'sourc':151 'straightforward':58 'studi':39 'suggest':40 'sure':102 'tackl':106 'take':79 'tend':177 'thebrainscientist.com':243,246 'thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)':245 'thing':127 'think':126 'topic':166 'tri':158 'triun':5,185 'understand':22 'use':3 've':111 'way':27,36,83 'waysid':193 'wiki':198 'wild':136 'work':34 'www.researchgate.net':259 'www.researchgate.net/publication/31439318_rethinking_mammalian_brain_evolution)':258 'yale.edu':227"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4913878"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698601185 {#2383
        date: 2023-10-29 18:39:45.0 +01:00
      }
      +"title": 78608
    }
  ]
  -id: 8191
  -titleTs: "'autocomplet':1 'weinersmith':4 'zach':3"
  -bodyTs: "'/@zachweinersmith/111313326393156519)':6 'mastodon':3 'mastodon.social':5 'mastodon.social/@zachweinersmith/111313326393156519)':4 'sourc':2 'zachweinersmith@mastodon.social':1"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1698596703
  +visibility: "visible             "
  +apId: "https://lemm.ee/post/13058587"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698510303 {#1996
    date: 2023-10-28 18:25:03.0 +02:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1910
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1906
    +user: Proxies\__CG__\App\Entity\User {#2173 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
    +image: Proxies\__CG__\App\Entity\Image {#2015 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2008 …}
    +slug: "Autocomplete-by-Zach-Weinersmith"
    +title: ""Autocomplete" by Zach Weinersmith"
    +url: "https://files.mastodon.social/media_attachments/files/111/313/326/070/534/726/original/38ef4380765f9d67.png"
    +body: """
      @ZachWeinersmith@mastodon.social\n
      \n
      [source (Mastodon)](https://mastodon.social/@ZachWeinersmith/111313326393156519)
      """
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 41
    +favouriteCount: 683
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698629252 {#2010
      date: 2023-10-30 02:27:32.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: [
      "@ZachWeinersmith@mastodon.social"
    ]
    +comments: Doctrine\ORM\PersistentCollection {#1984 …}
    +votes: Doctrine\ORM\PersistentCollection {#1981 …}
    +reports: Doctrine\ORM\PersistentCollection {#1982 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1980 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2375 …}
    +badges: Doctrine\ORM\PersistentCollection {#2374 …}
    +children: [
      App\Entity\EntryComment {#1910}
    ]
    -id: 8191
    -titleTs: "'autocomplet':1 'weinersmith':4 'zach':3"
    -bodyTs: "'/@zachweinersmith/111313326393156519)':6 'mastodon':3 'mastodon.social':5 'mastodon.social/@zachweinersmith/111313326393156519)':4 'sourc':2 'zachweinersmith@mastodon.social':1"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698596703
    +visibility: "visible             "
    +apId: "https://lemm.ee/post/13058587"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698510303 {#1996
      date: 2023-10-28 18:25:03.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1708 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1926 …}
  +body: """
    You’re using the triune model to draw some rather lofty conclusions that aren’t really up to date with our understanding of neurology. It’s way over simplified and doesn’t really work that way. More recent studies suggest that the neocortex was already present in even the earliest mammals, so it’s not quite as straightforward and the demarcation isn’t quite as clear cut, as you seem to be presenting it. “Old brain” doesn’t “take over” in the way you’re presenting it either but appears to act as a primary driver for those basic functions.\n
    \n
    Not sure how to even tackle the loftly conclusions you’ve made because the don’t seem to be built on a solid foundation. I think things might be quite a bit more interesting, and wildly more complex, then you seem to be presenting it. I’ll just leave some sources below with a quick note. Not trying to be condescending, or rude, just a topic that is a bit interesting, and a lot of people tend to draw some lofty conclusions from the triune model which has largely fallen by the wayside in neurology.\n
    \n
    Read the wiki to see how the model was developed: [en.m.wikipedia.org/wiki/Triune_brain](https://en.m.wikipedia.org/wiki/Triune_brain)\n
    \n
    A quick introduction to why it was important but has shown to be overly simplified and mostly incorrect: […yale.edu/…/a-theory-abandoned-but-still-compelli…](https://medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)\n
    \n
    Further details into how we don’t have a “lizard brain”: [thebrainscientist.com/…/you-dont-have-a-lizard-br…](https://thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)\n
    \n
    Deacon’s paper on rethinking the mammalian brain: [researchgate.net/…/31439318_Rethinking_Mammalian_…](https://www.researchgate.net/publication/31439318_Rethinking_Mammalian_Brain_Evolution)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698601185 {#2381
    date: 2023-10-29 18:39:45.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@ZachWeinersmith@mastodon.social"
    "@Masimatutu@lemm.ee"
    "@FaceDeer@kbin.social"
    "@DarkenLM@kbin.social"
    "@skulblaka@kbin.social"
    "@enki@lemm.ee"
    "@intensely_human@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1410 …}
  +nested: Doctrine\ORM\PersistentCollection {#1907 …}
  +votes: Doctrine\ORM\PersistentCollection {#1407 …}
  +reports: Doctrine\ORM\PersistentCollection {#2391 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2369 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2392 …}
  -id: 78608
  -bodyTs: "'/2018/04/11/you-dont-have-a-lizard-brain/)':247 '/31439318_rethinking_mammalian_':257 '/a-theory-abandoned-but-still-compelli':228 '/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':231 '/publication/31439318_rethinking_mammalian_brain_evolution)':260 '/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':208 '/you-dont-have-a-lizard-br':244 'act':92 'alreadi':45 'appear':90 'aren':14 'basic':99 'bit':132,170 'brain':76,242,255 'built':120 'clear':66 'complex':138 'conclus':12,109,182 'condescend':161 'cut':67 'date':19 'deacon':248 'demarc':61 'detail':233 'develop':205 'doesn':31,77 'draw':8,179 'driver':96 'earliest':50 'either':88 'en.m.wikipedia.org':207 'en.m.wikipedia.org/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':206 'even':48,105 'fallen':190 'foundat':124 'function':100 'import':216 'incorrect':226 'interest':134,171 'introduct':211 'isn':62 'larg':189 'leav':149 'lizard':241 'll':147 'loft':108 'lofti':11,181 'lot':174 'made':112 'mammal':51 'mammalian':254 'medicine.yale.edu':230 'medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':229 'might':128 'model':6,186,203 'most':225 'neocortex':43 'neurolog':24,195 'note':156 'old':75 'over':222 'paper':250 'peopl':176 'present':46,73,86,144 'primari':95 'quick':155,210 'quit':56,64,130 'rather':10 're':2,85 'read':196 'realli':16,33 'recent':38 'researchgate.net':256 'rethink':252 'rude':163 'see':200 'seem':70,117,141 'shown':219 'simplifi':29,223 'solid':123 'sourc':151 'straightforward':58 'studi':39 'suggest':40 'sure':102 'tackl':106 'take':79 'tend':177 'thebrainscientist.com':243,246 'thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)':245 'thing':127 'think':126 'topic':166 'tri':158 'triun':5,185 'understand':22 'use':3 've':111 'way':27,36,83 'waysid':193 'wiki':198 'wild':136 'work':34 'www.researchgate.net':259 'www.researchgate.net/publication/31439318_rethinking_mammalian_brain_evolution)':258 'yale.edu':227"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4913878"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698601185 {#2383
    date: 2023-10-29 18:39:45.0 +01:00
  }
  +"title": 78608
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1910
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1906
    +user: Proxies\__CG__\App\Entity\User {#2173 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
    +image: Proxies\__CG__\App\Entity\Image {#2015 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2008 …}
    +slug: "Autocomplete-by-Zach-Weinersmith"
    +title: ""Autocomplete" by Zach Weinersmith"
    +url: "https://files.mastodon.social/media_attachments/files/111/313/326/070/534/726/original/38ef4380765f9d67.png"
    +body: """
      @ZachWeinersmith@mastodon.social\n
      \n
      [source (Mastodon)](https://mastodon.social/@ZachWeinersmith/111313326393156519)
      """
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 41
    +favouriteCount: 683
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698629252 {#2010
      date: 2023-10-30 02:27:32.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: [
      "@ZachWeinersmith@mastodon.social"
    ]
    +comments: Doctrine\ORM\PersistentCollection {#1984 …}
    +votes: Doctrine\ORM\PersistentCollection {#1981 …}
    +reports: Doctrine\ORM\PersistentCollection {#1982 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1980 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2375 …}
    +badges: Doctrine\ORM\PersistentCollection {#2374 …}
    +children: [
      App\Entity\EntryComment {#1910}
    ]
    -id: 8191
    -titleTs: "'autocomplet':1 'weinersmith':4 'zach':3"
    -bodyTs: "'/@zachweinersmith/111313326393156519)':6 'mastodon':3 'mastodon.social':5 'mastodon.social/@zachweinersmith/111313326393156519)':4 'sourc':2 'zachweinersmith@mastodon.social':1"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698596703
    +visibility: "visible             "
    +apId: "https://lemm.ee/post/13058587"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698510303 {#1996
      date: 2023-10-28 18:25:03.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1708 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1926 …}
  +body: """
    You’re using the triune model to draw some rather lofty conclusions that aren’t really up to date with our understanding of neurology. It’s way over simplified and doesn’t really work that way. More recent studies suggest that the neocortex was already present in even the earliest mammals, so it’s not quite as straightforward and the demarcation isn’t quite as clear cut, as you seem to be presenting it. “Old brain” doesn’t “take over” in the way you’re presenting it either but appears to act as a primary driver for those basic functions.\n
    \n
    Not sure how to even tackle the loftly conclusions you’ve made because the don’t seem to be built on a solid foundation. I think things might be quite a bit more interesting, and wildly more complex, then you seem to be presenting it. I’ll just leave some sources below with a quick note. Not trying to be condescending, or rude, just a topic that is a bit interesting, and a lot of people tend to draw some lofty conclusions from the triune model which has largely fallen by the wayside in neurology.\n
    \n
    Read the wiki to see how the model was developed: [en.m.wikipedia.org/wiki/Triune_brain](https://en.m.wikipedia.org/wiki/Triune_brain)\n
    \n
    A quick introduction to why it was important but has shown to be overly simplified and mostly incorrect: […yale.edu/…/a-theory-abandoned-but-still-compelli…](https://medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)\n
    \n
    Further details into how we don’t have a “lizard brain”: [thebrainscientist.com/…/you-dont-have-a-lizard-br…](https://thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)\n
    \n
    Deacon’s paper on rethinking the mammalian brain: [researchgate.net/…/31439318_Rethinking_Mammalian_…](https://www.researchgate.net/publication/31439318_Rethinking_Mammalian_Brain_Evolution)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698601185 {#2381
    date: 2023-10-29 18:39:45.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@ZachWeinersmith@mastodon.social"
    "@Masimatutu@lemm.ee"
    "@FaceDeer@kbin.social"
    "@DarkenLM@kbin.social"
    "@skulblaka@kbin.social"
    "@enki@lemm.ee"
    "@intensely_human@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1410 …}
  +nested: Doctrine\ORM\PersistentCollection {#1907 …}
  +votes: Doctrine\ORM\PersistentCollection {#1407 …}
  +reports: Doctrine\ORM\PersistentCollection {#2391 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2369 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2392 …}
  -id: 78608
  -bodyTs: "'/2018/04/11/you-dont-have-a-lizard-brain/)':247 '/31439318_rethinking_mammalian_':257 '/a-theory-abandoned-but-still-compelli':228 '/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':231 '/publication/31439318_rethinking_mammalian_brain_evolution)':260 '/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':208 '/you-dont-have-a-lizard-br':244 'act':92 'alreadi':45 'appear':90 'aren':14 'basic':99 'bit':132,170 'brain':76,242,255 'built':120 'clear':66 'complex':138 'conclus':12,109,182 'condescend':161 'cut':67 'date':19 'deacon':248 'demarc':61 'detail':233 'develop':205 'doesn':31,77 'draw':8,179 'driver':96 'earliest':50 'either':88 'en.m.wikipedia.org':207 'en.m.wikipedia.org/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':206 'even':48,105 'fallen':190 'foundat':124 'function':100 'import':216 'incorrect':226 'interest':134,171 'introduct':211 'isn':62 'larg':189 'leav':149 'lizard':241 'll':147 'loft':108 'lofti':11,181 'lot':174 'made':112 'mammal':51 'mammalian':254 'medicine.yale.edu':230 'medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':229 'might':128 'model':6,186,203 'most':225 'neocortex':43 'neurolog':24,195 'note':156 'old':75 'over':222 'paper':250 'peopl':176 'present':46,73,86,144 'primari':95 'quick':155,210 'quit':56,64,130 'rather':10 're':2,85 'read':196 'realli':16,33 'recent':38 'researchgate.net':256 'rethink':252 'rude':163 'see':200 'seem':70,117,141 'shown':219 'simplifi':29,223 'solid':123 'sourc':151 'straightforward':58 'studi':39 'suggest':40 'sure':102 'tackl':106 'take':79 'tend':177 'thebrainscientist.com':243,246 'thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)':245 'thing':127 'think':126 'topic':166 'tri':158 'triun':5,185 'understand':22 'use':3 've':111 'way':27,36,83 'waysid':193 'wiki':198 'wild':136 'work':34 'www.researchgate.net':259 'www.researchgate.net/publication/31439318_rethinking_mammalian_brain_evolution)':258 'yale.edu':227"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4913878"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698601185 {#2383
    date: 2023-10-29 18:39:45.0 +01:00
  }
  +"title": 78608
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1910
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1906
    +user: Proxies\__CG__\App\Entity\User {#2173 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
    +image: Proxies\__CG__\App\Entity\Image {#2015 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2008 …}
    +slug: "Autocomplete-by-Zach-Weinersmith"
    +title: ""Autocomplete" by Zach Weinersmith"
    +url: "https://files.mastodon.social/media_attachments/files/111/313/326/070/534/726/original/38ef4380765f9d67.png"
    +body: """
      @ZachWeinersmith@mastodon.social\n
      \n
      [source (Mastodon)](https://mastodon.social/@ZachWeinersmith/111313326393156519)
      """
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 41
    +favouriteCount: 683
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698629252 {#2010
      date: 2023-10-30 02:27:32.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: [
      "@ZachWeinersmith@mastodon.social"
    ]
    +comments: Doctrine\ORM\PersistentCollection {#1984 …}
    +votes: Doctrine\ORM\PersistentCollection {#1981 …}
    +reports: Doctrine\ORM\PersistentCollection {#1982 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1980 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2375 …}
    +badges: Doctrine\ORM\PersistentCollection {#2374 …}
    +children: [
      App\Entity\EntryComment {#1910}
    ]
    -id: 8191
    -titleTs: "'autocomplet':1 'weinersmith':4 'zach':3"
    -bodyTs: "'/@zachweinersmith/111313326393156519)':6 'mastodon':3 'mastodon.social':5 'mastodon.social/@zachweinersmith/111313326393156519)':4 'sourc':2 'zachweinersmith@mastodon.social':1"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698596703
    +visibility: "visible             "
    +apId: "https://lemm.ee/post/13058587"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698510303 {#1996
      date: 2023-10-28 18:25:03.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1909 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1708 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1926 …}
  +body: """
    You’re using the triune model to draw some rather lofty conclusions that aren’t really up to date with our understanding of neurology. It’s way over simplified and doesn’t really work that way. More recent studies suggest that the neocortex was already present in even the earliest mammals, so it’s not quite as straightforward and the demarcation isn’t quite as clear cut, as you seem to be presenting it. “Old brain” doesn’t “take over” in the way you’re presenting it either but appears to act as a primary driver for those basic functions.\n
    \n
    Not sure how to even tackle the loftly conclusions you’ve made because the don’t seem to be built on a solid foundation. I think things might be quite a bit more interesting, and wildly more complex, then you seem to be presenting it. I’ll just leave some sources below with a quick note. Not trying to be condescending, or rude, just a topic that is a bit interesting, and a lot of people tend to draw some lofty conclusions from the triune model which has largely fallen by the wayside in neurology.\n
    \n
    Read the wiki to see how the model was developed: [en.m.wikipedia.org/wiki/Triune_brain](https://en.m.wikipedia.org/wiki/Triune_brain)\n
    \n
    A quick introduction to why it was important but has shown to be overly simplified and mostly incorrect: […yale.edu/…/a-theory-abandoned-but-still-compelli…](https://medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)\n
    \n
    Further details into how we don’t have a “lizard brain”: [thebrainscientist.com/…/you-dont-have-a-lizard-br…](https://thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)\n
    \n
    Deacon’s paper on rethinking the mammalian brain: [researchgate.net/…/31439318_Rethinking_Mammalian_…](https://www.researchgate.net/publication/31439318_Rethinking_Mammalian_Brain_Evolution)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698601185 {#2381
    date: 2023-10-29 18:39:45.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@ZachWeinersmith@mastodon.social"
    "@Masimatutu@lemm.ee"
    "@FaceDeer@kbin.social"
    "@DarkenLM@kbin.social"
    "@skulblaka@kbin.social"
    "@enki@lemm.ee"
    "@intensely_human@lemm.ee"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1410 …}
  +nested: Doctrine\ORM\PersistentCollection {#1907 …}
  +votes: Doctrine\ORM\PersistentCollection {#1407 …}
  +reports: Doctrine\ORM\PersistentCollection {#2391 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2369 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2392 …}
  -id: 78608
  -bodyTs: "'/2018/04/11/you-dont-have-a-lizard-brain/)':247 '/31439318_rethinking_mammalian_':257 '/a-theory-abandoned-but-still-compelli':228 '/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':231 '/publication/31439318_rethinking_mammalian_brain_evolution)':260 '/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':208 '/you-dont-have-a-lizard-br':244 'act':92 'alreadi':45 'appear':90 'aren':14 'basic':99 'bit':132,170 'brain':76,242,255 'built':120 'clear':66 'complex':138 'conclus':12,109,182 'condescend':161 'cut':67 'date':19 'deacon':248 'demarc':61 'detail':233 'develop':205 'doesn':31,77 'draw':8,179 'driver':96 'earliest':50 'either':88 'en.m.wikipedia.org':207 'en.m.wikipedia.org/wiki/triune_brain](https://en.m.wikipedia.org/wiki/triune_brain)':206 'even':48,105 'fallen':190 'foundat':124 'function':100 'import':216 'incorrect':226 'interest':134,171 'introduct':211 'isn':62 'larg':189 'leav':149 'lizard':241 'll':147 'loft':108 'lofti':11,181 'lot':174 'made':112 'mammal':51 'mammalian':254 'medicine.yale.edu':230 'medicine.yale.edu/news/yale-medicine-magazine/article/a-theory-abandoned-but-still-compelling/)':229 'might':128 'model':6,186,203 'most':225 'neocortex':43 'neurolog':24,195 'note':156 'old':75 'over':222 'paper':250 'peopl':176 'present':46,73,86,144 'primari':95 'quick':155,210 'quit':56,64,130 'rather':10 're':2,85 'read':196 'realli':16,33 'recent':38 'researchgate.net':256 'rethink':252 'rude':163 'see':200 'seem':70,117,141 'shown':219 'simplifi':29,223 'solid':123 'sourc':151 'straightforward':58 'studi':39 'suggest':40 'sure':102 'tackl':106 'take':79 'tend':177 'thebrainscientist.com':243,246 'thebrainscientist.com/2018/04/11/you-dont-have-a-lizard-brain/)':245 'thing':127 'think':126 'topic':166 'tri':158 'triun':5,185 'understand':22 'use':3 've':111 'way':27,36,83 'waysid':193 'wiki':198 'wild':136 'work':34 'www.researchgate.net':259 'www.researchgate.net/publication/31439318_rethinking_mammalian_brain_evolution)':258 'yale.edu':227"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4913878"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698601185 {#2383
    date: 2023-10-29 18:39:45.0 +01:00
  }
  +"title": 78608
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1571
  +user: Proxies\__CG__\App\Entity\User {#2057 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
  +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
  +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
  +url: null
  +body: """
    One chestnut from my history in lottery game development:\n
    \n
    While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
    \n
    Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 261
  +favouriteCount: 423
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1698669717 {#2362
    date: 2023-10-30 13:41:57.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2352 …}
  +votes: Doctrine\ORM\PersistentCollection {#1350 …}
  +reports: Doctrine\ORM\PersistentCollection {#1351 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
  +badges: Doctrine\ORM\PersistentCollection {#1355 …}
  +children: [
    7 => App\Entity\EntryComment {#1696
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
      +body: """
        Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
        \n
        The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
        \n
        [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 10
      +score: 0
      +lastActive: DateTime @1698120749 {#1428
        date: 2023-10-24 06:12:29.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Hogger85b@kbin.social"
        "@netburnr@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1668 …}
      +nested: Doctrine\ORM\PersistentCollection {#1666 …}
      +votes: Doctrine\ORM\PersistentCollection {#1669 …}
      +reports: Doctrine\ORM\PersistentCollection {#1677 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
      -id: 68686
      -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4767964"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698120749 {#1440
        date: 2023-10-24 06:12:29.0 +02:00
      }
      +"title": 68686
    }
    6 => App\Entity\EntryComment {#1559
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: """
        Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
        \n
        They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
        \n
        Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1698191326 {#1580
        date: 2023-10-25 01:48:46.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dual_sport_dork@lemmy.world"
        "@SpaceNoodle@lemmy.world"
        "@residentmarchant@lemmy.world"
        "@curve_empty_buzz@discuss.tchncs.de"
        "@Rooty@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1561 …}
      +nested: Doctrine\ORM\PersistentCollection {#1564 …}
      +votes: Doctrine\ORM\PersistentCollection {#1563 …}
      +reports: Doctrine\ORM\PersistentCollection {#1565 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
      -id: 70098
      -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4788727"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698191326 {#1550
        date: 2023-10-25 01:48:46.0 +02:00
      }
      +"title": 70098
    }
    5 => App\Entity\EntryComment {#1613
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: """
        The guideline is abundantly clear too with little room for interpretation:\n
        \n
        > 5.1.1.1 Memorized Secret Authenticators\n
        \n
        > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
        \n
        [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1698191874 {#1621
        date: 2023-10-25 01:57:54.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dditty@lemm.ee"
        "@Natanael@slrpnk.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1596 …}
      +nested: Doctrine\ORM\PersistentCollection {#1702 …}
      +votes: Doctrine\ORM\PersistentCollection {#1683 …}
      +reports: Doctrine\ORM\PersistentCollection {#1680 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
      -id: 70111
      -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4789077"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698191874 {#1620
        date: 2023-10-25 01:57:54.0 +02:00
      }
      +"title": 70111
    }
    4 => App\Entity\EntryComment {#1616
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1698201719 {#1705
        date: 2023-10-25 04:41:59.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dual_sport_dork@lemmy.world"
        "@SpaceNoodle@lemmy.world"
        "@residentmarchant@lemmy.world"
        "@curve_empty_buzz@discuss.tchncs.de"
        "@Rooty@lemmy.world"
        "@Hobo@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1598 …}
      +nested: Doctrine\ORM\PersistentCollection {#1629 …}
      +votes: Doctrine\ORM\PersistentCollection {#1626 …}
      +reports: Doctrine\ORM\PersistentCollection {#1618 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
      -id: 70270
      -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4795410"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698201719 {#1711
        date: 2023-10-25 04:41:59.0 +02:00
      }
      +"title": 70270
    }
    3 => App\Entity\EntryComment {#1721
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
      +body: """
        That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
        \n
        I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
        \n
        For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 6
      +score: 0
      +lastActive: DateTime @1698243920 {#1723
        date: 2023-10-25 16:25:20.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@vivadanang@lemm.ee"
        "@SendMePhotos@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1736 …}
      +nested: Doctrine\ORM\PersistentCollection {#1737 …}
      +votes: Doctrine\ORM\PersistentCollection {#1732 …}
      +reports: Doctrine\ORM\PersistentCollection {#1735 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
      -id: 71197
      -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4806988"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698243920 {#1722
        date: 2023-10-25 16:25:20.0 +02:00
      }
      +"title": 71197
    }
    2 => App\Entity\EntryComment {#1720
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
      +body: """
        Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
        \n
        There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
        \n
        Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
        \n
        I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698252503 {#1714
        date: 2023-10-25 18:48:23.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@vivadanang@lemm.ee"
        "@SendMePhotos@lemmy.world"
        "@Hobo@lemmy.world"
        "@MrMcGasion@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1717 …}
      +nested: Doctrine\ORM\PersistentCollection {#1741 …}
      +votes: Doctrine\ORM\PersistentCollection {#1707 …}
      +reports: Doctrine\ORM\PersistentCollection {#2464 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
      -id: 71493
      -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4809846"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698252503 {#1718
        date: 2023-10-25 18:48:23.0 +02:00
      }
      +"title": 71493
    }
    1 => App\Entity\EntryComment {#2461
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
      +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698257948 {#2462
        date: 2023-10-25 20:19:08.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@LucyLastic@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2460 …}
      +nested: Doctrine\ORM\PersistentCollection {#2452 …}
      +votes: Doctrine\ORM\PersistentCollection {#2454 …}
      +reports: Doctrine\ORM\PersistentCollection {#2459 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
      -id: 71699
      -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4811661"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698257948 {#2458
        date: 2023-10-25 20:19:08.0 +02:00
      }
      +"title": 71699
    }
    0 => App\Entity\EntryComment {#2370
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
      +body: """
        They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
        \n
        Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
        \n
        Good luck though! I’m just glad I’m not the one that has to deal with it.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698260052 {#2371
        date: 2023-10-25 20:54:12.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@jeena@jemmy.jeena.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2360 …}
      +nested: Doctrine\ORM\PersistentCollection {#2361 …}
      +votes: Doctrine\ORM\PersistentCollection {#2372 …}
      +reports: Doctrine\ORM\PersistentCollection {#2386 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
      -id: 71772
      -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4812324"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698260052 {#2363
        date: 2023-10-25 20:54:12.0 +02:00
      }
      +"title": 71772
    }
  ]
  -id: 7315
  -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
  -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1698180461
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/7232834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698094061 {#2017
    date: 2023-10-23 22:47:41.0 +02:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1571
  +user: Proxies\__CG__\App\Entity\User {#2057 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
  +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
  +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
  +url: null
  +body: """
    One chestnut from my history in lottery game development:\n
    \n
    While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
    \n
    Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 261
  +favouriteCount: 423
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1698669717 {#2362
    date: 2023-10-30 13:41:57.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2352 …}
  +votes: Doctrine\ORM\PersistentCollection {#1350 …}
  +reports: Doctrine\ORM\PersistentCollection {#1351 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
  +badges: Doctrine\ORM\PersistentCollection {#1355 …}
  +children: [
    7 => App\Entity\EntryComment {#1696
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
      +body: """
        Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
        \n
        The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
        \n
        [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 10
      +score: 0
      +lastActive: DateTime @1698120749 {#1428
        date: 2023-10-24 06:12:29.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Hogger85b@kbin.social"
        "@netburnr@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1668 …}
      +nested: Doctrine\ORM\PersistentCollection {#1666 …}
      +votes: Doctrine\ORM\PersistentCollection {#1669 …}
      +reports: Doctrine\ORM\PersistentCollection {#1677 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
      -id: 68686
      -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4767964"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698120749 {#1440
        date: 2023-10-24 06:12:29.0 +02:00
      }
      +"title": 68686
    }
    6 => App\Entity\EntryComment {#1559
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: """
        Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
        \n
        They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
        \n
        Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1698191326 {#1580
        date: 2023-10-25 01:48:46.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dual_sport_dork@lemmy.world"
        "@SpaceNoodle@lemmy.world"
        "@residentmarchant@lemmy.world"
        "@curve_empty_buzz@discuss.tchncs.de"
        "@Rooty@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1561 …}
      +nested: Doctrine\ORM\PersistentCollection {#1564 …}
      +votes: Doctrine\ORM\PersistentCollection {#1563 …}
      +reports: Doctrine\ORM\PersistentCollection {#1565 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
      -id: 70098
      -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4788727"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698191326 {#1550
        date: 2023-10-25 01:48:46.0 +02:00
      }
      +"title": 70098
    }
    5 => App\Entity\EntryComment {#1613
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: """
        The guideline is abundantly clear too with little room for interpretation:\n
        \n
        > 5.1.1.1 Memorized Secret Authenticators\n
        \n
        > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
        \n
        [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1698191874 {#1621
        date: 2023-10-25 01:57:54.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dditty@lemm.ee"
        "@Natanael@slrpnk.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1596 …}
      +nested: Doctrine\ORM\PersistentCollection {#1702 …}
      +votes: Doctrine\ORM\PersistentCollection {#1683 …}
      +reports: Doctrine\ORM\PersistentCollection {#1680 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
      -id: 70111
      -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4789077"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698191874 {#1620
        date: 2023-10-25 01:57:54.0 +02:00
      }
      +"title": 70111
    }
    4 => App\Entity\EntryComment {#1616
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1698201719 {#1705
        date: 2023-10-25 04:41:59.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dual_sport_dork@lemmy.world"
        "@SpaceNoodle@lemmy.world"
        "@residentmarchant@lemmy.world"
        "@curve_empty_buzz@discuss.tchncs.de"
        "@Rooty@lemmy.world"
        "@Hobo@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1598 …}
      +nested: Doctrine\ORM\PersistentCollection {#1629 …}
      +votes: Doctrine\ORM\PersistentCollection {#1626 …}
      +reports: Doctrine\ORM\PersistentCollection {#1618 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
      -id: 70270
      -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4795410"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698201719 {#1711
        date: 2023-10-25 04:41:59.0 +02:00
      }
      +"title": 70270
    }
    3 => App\Entity\EntryComment {#1721
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
      +body: """
        That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
        \n
        I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
        \n
        For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 6
      +score: 0
      +lastActive: DateTime @1698243920 {#1723
        date: 2023-10-25 16:25:20.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@vivadanang@lemm.ee"
        "@SendMePhotos@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1736 …}
      +nested: Doctrine\ORM\PersistentCollection {#1737 …}
      +votes: Doctrine\ORM\PersistentCollection {#1732 …}
      +reports: Doctrine\ORM\PersistentCollection {#1735 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
      -id: 71197
      -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4806988"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698243920 {#1722
        date: 2023-10-25 16:25:20.0 +02:00
      }
      +"title": 71197
    }
    2 => App\Entity\EntryComment {#1720
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
      +body: """
        Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
        \n
        There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
        \n
        Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
        \n
        I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698252503 {#1714
        date: 2023-10-25 18:48:23.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@vivadanang@lemm.ee"
        "@SendMePhotos@lemmy.world"
        "@Hobo@lemmy.world"
        "@MrMcGasion@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1717 …}
      +nested: Doctrine\ORM\PersistentCollection {#1741 …}
      +votes: Doctrine\ORM\PersistentCollection {#1707 …}
      +reports: Doctrine\ORM\PersistentCollection {#2464 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
      -id: 71493
      -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4809846"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698252503 {#1718
        date: 2023-10-25 18:48:23.0 +02:00
      }
      +"title": 71493
    }
    1 => App\Entity\EntryComment {#2461
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
      +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698257948 {#2462
        date: 2023-10-25 20:19:08.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@LucyLastic@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2460 …}
      +nested: Doctrine\ORM\PersistentCollection {#2452 …}
      +votes: Doctrine\ORM\PersistentCollection {#2454 …}
      +reports: Doctrine\ORM\PersistentCollection {#2459 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
      -id: 71699
      -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4811661"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698257948 {#2458
        date: 2023-10-25 20:19:08.0 +02:00
      }
      +"title": 71699
    }
    0 => App\Entity\EntryComment {#2370
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
      +body: """
        They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
        \n
        Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
        \n
        Good luck though! I’m just glad I’m not the one that has to deal with it.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698260052 {#2371
        date: 2023-10-25 20:54:12.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@jeena@jemmy.jeena.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2360 …}
      +nested: Doctrine\ORM\PersistentCollection {#2361 …}
      +votes: Doctrine\ORM\PersistentCollection {#2372 …}
      +reports: Doctrine\ORM\PersistentCollection {#2386 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
      -id: 71772
      -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4812324"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698260052 {#2363
        date: 2023-10-25 20:54:12.0 +02:00
      }
      +"title": 71772
    }
  ]
  -id: 7315
  -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
  -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1698180461
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/7232834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698094061 {#2017
    date: 2023-10-23 22:47:41.0 +02:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
Proxies\__CG__\App\Entity\Entry {#1571
  +user: Proxies\__CG__\App\Entity\User {#2057 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
  +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
  +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
  +url: null
  +body: """
    One chestnut from my history in lottery game development:\n
    \n
    While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
    \n
    Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 261
  +favouriteCount: 423
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1698669717 {#2362
    date: 2023-10-30 13:41:57.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2352 …}
  +votes: Doctrine\ORM\PersistentCollection {#1350 …}
  +reports: Doctrine\ORM\PersistentCollection {#1351 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
  +badges: Doctrine\ORM\PersistentCollection {#1355 …}
  +children: [
    7 => App\Entity\EntryComment {#1696
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
      +body: """
        Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
        \n
        The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
        \n
        [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 10
      +score: 0
      +lastActive: DateTime @1698120749 {#1428
        date: 2023-10-24 06:12:29.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Hogger85b@kbin.social"
        "@netburnr@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1668 …}
      +nested: Doctrine\ORM\PersistentCollection {#1666 …}
      +votes: Doctrine\ORM\PersistentCollection {#1669 …}
      +reports: Doctrine\ORM\PersistentCollection {#1677 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
      -id: 68686
      -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4767964"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698120749 {#1440
        date: 2023-10-24 06:12:29.0 +02:00
      }
      +"title": 68686
    }
    6 => App\Entity\EntryComment {#1559
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: """
        Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
        \n
        They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
        \n
        Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1698191326 {#1580
        date: 2023-10-25 01:48:46.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dual_sport_dork@lemmy.world"
        "@SpaceNoodle@lemmy.world"
        "@residentmarchant@lemmy.world"
        "@curve_empty_buzz@discuss.tchncs.de"
        "@Rooty@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1561 …}
      +nested: Doctrine\ORM\PersistentCollection {#1564 …}
      +votes: Doctrine\ORM\PersistentCollection {#1563 …}
      +reports: Doctrine\ORM\PersistentCollection {#1565 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
      -id: 70098
      -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4788727"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698191326 {#1550
        date: 2023-10-25 01:48:46.0 +02:00
      }
      +"title": 70098
    }
    5 => App\Entity\EntryComment {#1613
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: """
        The guideline is abundantly clear too with little room for interpretation:\n
        \n
        > 5.1.1.1 Memorized Secret Authenticators\n
        \n
        > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
        \n
        [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1698191874 {#1621
        date: 2023-10-25 01:57:54.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dditty@lemm.ee"
        "@Natanael@slrpnk.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1596 …}
      +nested: Doctrine\ORM\PersistentCollection {#1702 …}
      +votes: Doctrine\ORM\PersistentCollection {#1683 …}
      +reports: Doctrine\ORM\PersistentCollection {#1680 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
      -id: 70111
      -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4789077"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698191874 {#1620
        date: 2023-10-25 01:57:54.0 +02:00
      }
      +"title": 70111
    }
    4 => App\Entity\EntryComment {#1616
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
      +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
      +lang: "en"
      +isAdult: false
      +favouriteCount: 0
      +score: 0
      +lastActive: DateTime @1698201719 {#1705
        date: 2023-10-25 04:41:59.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@Cqrd@lemmy.dbzer0.com"
        "@dual_sport_dork@lemmy.world"
        "@SpaceNoodle@lemmy.world"
        "@residentmarchant@lemmy.world"
        "@curve_empty_buzz@discuss.tchncs.de"
        "@Rooty@lemmy.world"
        "@Hobo@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1598 …}
      +nested: Doctrine\ORM\PersistentCollection {#1629 …}
      +votes: Doctrine\ORM\PersistentCollection {#1626 …}
      +reports: Doctrine\ORM\PersistentCollection {#1618 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
      -id: 70270
      -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4795410"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698201719 {#1711
        date: 2023-10-25 04:41:59.0 +02:00
      }
      +"title": 70270
    }
    3 => App\Entity\EntryComment {#1721
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
      +body: """
        That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
        \n
        I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
        \n
        For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 6
      +score: 0
      +lastActive: DateTime @1698243920 {#1723
        date: 2023-10-25 16:25:20.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@vivadanang@lemm.ee"
        "@SendMePhotos@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1736 …}
      +nested: Doctrine\ORM\PersistentCollection {#1737 …}
      +votes: Doctrine\ORM\PersistentCollection {#1732 …}
      +reports: Doctrine\ORM\PersistentCollection {#1735 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
      -id: 71197
      -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4806988"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698243920 {#1722
        date: 2023-10-25 16:25:20.0 +02:00
      }
      +"title": 71197
    }
    2 => App\Entity\EntryComment {#1720
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
      +body: """
        Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
        \n
        There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
        \n
        Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
        \n
        I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698252503 {#1714
        date: 2023-10-25 18:48:23.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@vivadanang@lemm.ee"
        "@SendMePhotos@lemmy.world"
        "@Hobo@lemmy.world"
        "@MrMcGasion@lemmy.world"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1717 …}
      +nested: Doctrine\ORM\PersistentCollection {#1741 …}
      +votes: Doctrine\ORM\PersistentCollection {#1707 …}
      +reports: Doctrine\ORM\PersistentCollection {#2464 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
      -id: 71493
      -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4809846"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698252503 {#1718
        date: 2023-10-25 18:48:23.0 +02:00
      }
      +"title": 71493
    }
    1 => App\Entity\EntryComment {#2461
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
      +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698257948 {#2462
        date: 2023-10-25 20:19:08.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@LucyLastic@sh.itjust.works"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2460 …}
      +nested: Doctrine\ORM\PersistentCollection {#2452 …}
      +votes: Doctrine\ORM\PersistentCollection {#2454 …}
      +reports: Doctrine\ORM\PersistentCollection {#2459 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
      -id: 71699
      -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4811661"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698257948 {#2458
        date: 2023-10-25 20:19:08.0 +02:00
      }
      +"title": 71699
    }
    0 => App\Entity\EntryComment {#2370
      +user: App\Entity\User {#261 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
      +body: """
        They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
        \n
        Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
        \n
        Good luck though! I’m just glad I’m not the one that has to deal with it.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 1
      +score: 0
      +lastActive: DateTime @1698260052 {#2371
        date: 2023-10-25 20:54:12.0 +02:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Krudler@lemmy.world"
        "@jeena@jemmy.jeena.net"
      ]
      +children: Doctrine\ORM\PersistentCollection {#2360 …}
      +nested: Doctrine\ORM\PersistentCollection {#2361 …}
      +votes: Doctrine\ORM\PersistentCollection {#2372 …}
      +reports: Doctrine\ORM\PersistentCollection {#2386 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
      -id: 71772
      -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.world/comment/4812324"
      +editedAt: null
      +createdAt: DateTimeImmutable @1698260052 {#2363
        date: 2023-10-25 20:54:12.0 +02:00
      }
      +"title": 71772
    }
  ]
  -id: 7315
  -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
  -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1698180461
  +visibility: "visible             "
  +apId: "https://lemmy.world/post/7232834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698094061 {#2017
    date: 2023-10-23 22:47:41.0 +02:00
  }
  +__isInitialized__: true
   …2
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1696
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696}
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
  +body: """
    Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
    \n
    The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
    \n
    [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 10
  +score: 0
  +lastActive: DateTime @1698120749 {#1428
    date: 2023-10-24 06:12:29.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Hogger85b@kbin.social"
    "@netburnr@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1668 …}
  +nested: Doctrine\ORM\PersistentCollection {#1666 …}
  +votes: Doctrine\ORM\PersistentCollection {#1669 …}
  +reports: Doctrine\ORM\PersistentCollection {#1677 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
  -id: 68686
  -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4767964"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698120749 {#1440
    date: 2023-10-24 06:12:29.0 +02:00
  }
  +"title": 68686
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1696
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696}
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
  +body: """
    Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
    \n
    The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
    \n
    [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 10
  +score: 0
  +lastActive: DateTime @1698120749 {#1428
    date: 2023-10-24 06:12:29.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Hogger85b@kbin.social"
    "@netburnr@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1668 …}
  +nested: Doctrine\ORM\PersistentCollection {#1666 …}
  +votes: Doctrine\ORM\PersistentCollection {#1669 …}
  +reports: Doctrine\ORM\PersistentCollection {#1677 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
  -id: 68686
  -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4767964"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698120749 {#1440
    date: 2023-10-24 06:12:29.0 +02:00
  }
  +"title": 68686
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1696
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696}
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
  +body: """
    Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
    \n
    The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
    \n
    [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 10
  +score: 0
  +lastActive: DateTime @1698120749 {#1428
    date: 2023-10-24 06:12:29.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Hogger85b@kbin.social"
    "@netburnr@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1668 …}
  +nested: Doctrine\ORM\PersistentCollection {#1666 …}
  +votes: Doctrine\ORM\PersistentCollection {#1669 …}
  +reports: Doctrine\ORM\PersistentCollection {#1677 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
  -id: 68686
  -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4767964"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698120749 {#1440
    date: 2023-10-24 06:12:29.0 +02:00
  }
  +"title": 68686
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1559
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559}
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: """
    Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
    \n
    They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
    \n
    Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1698191326 {#1580
    date: 2023-10-25 01:48:46.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dual_sport_dork@lemmy.world"
    "@SpaceNoodle@lemmy.world"
    "@residentmarchant@lemmy.world"
    "@curve_empty_buzz@discuss.tchncs.de"
    "@Rooty@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1561 …}
  +nested: Doctrine\ORM\PersistentCollection {#1564 …}
  +votes: Doctrine\ORM\PersistentCollection {#1563 …}
  +reports: Doctrine\ORM\PersistentCollection {#1565 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
  -id: 70098
  -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4788727"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698191326 {#1550
    date: 2023-10-25 01:48:46.0 +02:00
  }
  +"title": 70098
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1559
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559}
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: """
    Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
    \n
    They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
    \n
    Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1698191326 {#1580
    date: 2023-10-25 01:48:46.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dual_sport_dork@lemmy.world"
    "@SpaceNoodle@lemmy.world"
    "@residentmarchant@lemmy.world"
    "@curve_empty_buzz@discuss.tchncs.de"
    "@Rooty@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1561 …}
  +nested: Doctrine\ORM\PersistentCollection {#1564 …}
  +votes: Doctrine\ORM\PersistentCollection {#1563 …}
  +reports: Doctrine\ORM\PersistentCollection {#1565 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
  -id: 70098
  -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4788727"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698191326 {#1550
    date: 2023-10-25 01:48:46.0 +02:00
  }
  +"title": 70098
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1559
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559}
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: """
    Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
    \n
    They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
    \n
    Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1698191326 {#1580
    date: 2023-10-25 01:48:46.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dual_sport_dork@lemmy.world"
    "@SpaceNoodle@lemmy.world"
    "@residentmarchant@lemmy.world"
    "@curve_empty_buzz@discuss.tchncs.de"
    "@Rooty@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1561 …}
  +nested: Doctrine\ORM\PersistentCollection {#1564 …}
  +votes: Doctrine\ORM\PersistentCollection {#1563 …}
  +reports: Doctrine\ORM\PersistentCollection {#1565 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
  -id: 70098
  -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4788727"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698191326 {#1550
    date: 2023-10-25 01:48:46.0 +02:00
  }
  +"title": 70098
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1613
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613}
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: """
    The guideline is abundantly clear too with little room for interpretation:\n
    \n
    > 5.1.1.1 Memorized Secret Authenticators\n
    \n
    > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
    \n
    [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1698191874 {#1621
    date: 2023-10-25 01:57:54.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dditty@lemm.ee"
    "@Natanael@slrpnk.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1596 …}
  +nested: Doctrine\ORM\PersistentCollection {#1702 …}
  +votes: Doctrine\ORM\PersistentCollection {#1683 …}
  +reports: Doctrine\ORM\PersistentCollection {#1680 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
  -id: 70111
  -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4789077"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698191874 {#1620
    date: 2023-10-25 01:57:54.0 +02:00
  }
  +"title": 70111
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1613
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613}
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: """
    The guideline is abundantly clear too with little room for interpretation:\n
    \n
    > 5.1.1.1 Memorized Secret Authenticators\n
    \n
    > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
    \n
    [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1698191874 {#1621
    date: 2023-10-25 01:57:54.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dditty@lemm.ee"
    "@Natanael@slrpnk.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1596 …}
  +nested: Doctrine\ORM\PersistentCollection {#1702 …}
  +votes: Doctrine\ORM\PersistentCollection {#1683 …}
  +reports: Doctrine\ORM\PersistentCollection {#1680 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
  -id: 70111
  -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4789077"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698191874 {#1620
    date: 2023-10-25 01:57:54.0 +02:00
  }
  +"title": 70111
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1613
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613}
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: """
    The guideline is abundantly clear too with little room for interpretation:\n
    \n
    > 5.1.1.1 Memorized Secret Authenticators\n
    \n
    > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
    \n
    [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1698191874 {#1621
    date: 2023-10-25 01:57:54.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dditty@lemm.ee"
    "@Natanael@slrpnk.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1596 …}
  +nested: Doctrine\ORM\PersistentCollection {#1702 …}
  +votes: Doctrine\ORM\PersistentCollection {#1683 …}
  +reports: Doctrine\ORM\PersistentCollection {#1680 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
  -id: 70111
  -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4789077"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698191874 {#1620
    date: 2023-10-25 01:57:54.0 +02:00
  }
  +"title": 70111
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1616
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616}
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1698201719 {#1705
    date: 2023-10-25 04:41:59.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dual_sport_dork@lemmy.world"
    "@SpaceNoodle@lemmy.world"
    "@residentmarchant@lemmy.world"
    "@curve_empty_buzz@discuss.tchncs.de"
    "@Rooty@lemmy.world"
    "@Hobo@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1598 …}
  +nested: Doctrine\ORM\PersistentCollection {#1629 …}
  +votes: Doctrine\ORM\PersistentCollection {#1626 …}
  +reports: Doctrine\ORM\PersistentCollection {#1618 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
  -id: 70270
  -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4795410"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698201719 {#1711
    date: 2023-10-25 04:41:59.0 +02:00
  }
  +"title": 70270
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1616
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616}
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1698201719 {#1705
    date: 2023-10-25 04:41:59.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dual_sport_dork@lemmy.world"
    "@SpaceNoodle@lemmy.world"
    "@residentmarchant@lemmy.world"
    "@curve_empty_buzz@discuss.tchncs.de"
    "@Rooty@lemmy.world"
    "@Hobo@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1598 …}
  +nested: Doctrine\ORM\PersistentCollection {#1629 …}
  +votes: Doctrine\ORM\PersistentCollection {#1626 …}
  +reports: Doctrine\ORM\PersistentCollection {#1618 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
  -id: 70270
  -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4795410"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698201719 {#1711
    date: 2023-10-25 04:41:59.0 +02:00
  }
  +"title": 70270
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1616
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616}
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
  +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
  +lang: "en"
  +isAdult: false
  +favouriteCount: 0
  +score: 0
  +lastActive: DateTime @1698201719 {#1705
    date: 2023-10-25 04:41:59.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@Cqrd@lemmy.dbzer0.com"
    "@dual_sport_dork@lemmy.world"
    "@SpaceNoodle@lemmy.world"
    "@residentmarchant@lemmy.world"
    "@curve_empty_buzz@discuss.tchncs.de"
    "@Rooty@lemmy.world"
    "@Hobo@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1598 …}
  +nested: Doctrine\ORM\PersistentCollection {#1629 …}
  +votes: Doctrine\ORM\PersistentCollection {#1626 …}
  +reports: Doctrine\ORM\PersistentCollection {#1618 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
  -id: 70270
  -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4795410"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698201719 {#1711
    date: 2023-10-25 04:41:59.0 +02:00
  }
  +"title": 70270
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1721
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721}
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
  +body: """
    That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
    \n
    I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
    \n
    For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 6
  +score: 0
  +lastActive: DateTime @1698243920 {#1723
    date: 2023-10-25 16:25:20.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@vivadanang@lemm.ee"
    "@SendMePhotos@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1736 …}
  +nested: Doctrine\ORM\PersistentCollection {#1737 …}
  +votes: Doctrine\ORM\PersistentCollection {#1732 …}
  +reports: Doctrine\ORM\PersistentCollection {#1735 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
  -id: 71197
  -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4806988"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698243920 {#1722
    date: 2023-10-25 16:25:20.0 +02:00
  }
  +"title": 71197
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1721
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721}
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
  +body: """
    That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
    \n
    I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
    \n
    For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 6
  +score: 0
  +lastActive: DateTime @1698243920 {#1723
    date: 2023-10-25 16:25:20.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@vivadanang@lemm.ee"
    "@SendMePhotos@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1736 …}
  +nested: Doctrine\ORM\PersistentCollection {#1737 …}
  +votes: Doctrine\ORM\PersistentCollection {#1732 …}
  +reports: Doctrine\ORM\PersistentCollection {#1735 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
  -id: 71197
  -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4806988"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698243920 {#1722
    date: 2023-10-25 16:25:20.0 +02:00
  }
  +"title": 71197
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1721
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721}
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
  +body: """
    That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
    \n
    I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
    \n
    For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 6
  +score: 0
  +lastActive: DateTime @1698243920 {#1723
    date: 2023-10-25 16:25:20.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@vivadanang@lemm.ee"
    "@SendMePhotos@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1736 …}
  +nested: Doctrine\ORM\PersistentCollection {#1737 …}
  +votes: Doctrine\ORM\PersistentCollection {#1732 …}
  +reports: Doctrine\ORM\PersistentCollection {#1735 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
  -id: 71197
  -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4806988"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698243920 {#1722
    date: 2023-10-25 16:25:20.0 +02:00
  }
  +"title": 71197
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1720
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720}
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
  +body: """
    Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
    \n
    There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
    \n
    Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
    \n
    I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698252503 {#1714
    date: 2023-10-25 18:48:23.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@vivadanang@lemm.ee"
    "@SendMePhotos@lemmy.world"
    "@Hobo@lemmy.world"
    "@MrMcGasion@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1717 …}
  +nested: Doctrine\ORM\PersistentCollection {#1741 …}
  +votes: Doctrine\ORM\PersistentCollection {#1707 …}
  +reports: Doctrine\ORM\PersistentCollection {#2464 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
  -id: 71493
  -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4809846"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698252503 {#1718
    date: 2023-10-25 18:48:23.0 +02:00
  }
  +"title": 71493
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1720
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720}
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
  +body: """
    Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
    \n
    There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
    \n
    Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
    \n
    I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698252503 {#1714
    date: 2023-10-25 18:48:23.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@vivadanang@lemm.ee"
    "@SendMePhotos@lemmy.world"
    "@Hobo@lemmy.world"
    "@MrMcGasion@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1717 …}
  +nested: Doctrine\ORM\PersistentCollection {#1741 …}
  +votes: Doctrine\ORM\PersistentCollection {#1707 …}
  +reports: Doctrine\ORM\PersistentCollection {#2464 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
  -id: 71493
  -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4809846"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698252503 {#1718
    date: 2023-10-25 18:48:23.0 +02:00
  }
  +"title": 71493
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#1720
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720}
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
  +body: """
    Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
    \n
    There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
    \n
    Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
    \n
    I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698252503 {#1714
    date: 2023-10-25 18:48:23.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@vivadanang@lemm.ee"
    "@SendMePhotos@lemmy.world"
    "@Hobo@lemmy.world"
    "@MrMcGasion@lemmy.world"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1717 …}
  +nested: Doctrine\ORM\PersistentCollection {#1741 …}
  +votes: Doctrine\ORM\PersistentCollection {#1707 …}
  +reports: Doctrine\ORM\PersistentCollection {#2464 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
  -id: 71493
  -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4809846"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698252503 {#1718
    date: 2023-10-25 18:48:23.0 +02:00
  }
  +"title": 71493
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2461
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461}
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
  +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698257948 {#2462
    date: 2023-10-25 20:19:08.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@LucyLastic@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2460 …}
  +nested: Doctrine\ORM\PersistentCollection {#2452 …}
  +votes: Doctrine\ORM\PersistentCollection {#2454 …}
  +reports: Doctrine\ORM\PersistentCollection {#2459 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
  -id: 71699
  -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4811661"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698257948 {#2458
    date: 2023-10-25 20:19:08.0 +02:00
  }
  +"title": 71699
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2461
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461}
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
  +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698257948 {#2462
    date: 2023-10-25 20:19:08.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@LucyLastic@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2460 …}
  +nested: Doctrine\ORM\PersistentCollection {#2452 …}
  +votes: Doctrine\ORM\PersistentCollection {#2454 …}
  +reports: Doctrine\ORM\PersistentCollection {#2459 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
  -id: 71699
  -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4811661"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698257948 {#2458
    date: 2023-10-25 20:19:08.0 +02:00
  }
  +"title": 71699
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2461
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461}
      0 => App\Entity\EntryComment {#2370
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
        +body: """
          They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
          \n
          Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
          \n
          Good luck though! I’m just glad I’m not the one that has to deal with it.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698260052 {#2371
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@jeena@jemmy.jeena.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2360 …}
        +nested: Doctrine\ORM\PersistentCollection {#2361 …}
        +votes: Doctrine\ORM\PersistentCollection {#2372 …}
        +reports: Doctrine\ORM\PersistentCollection {#2386 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
        -id: 71772
        -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4812324"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698260052 {#2363
          date: 2023-10-25 20:54:12.0 +02:00
        }
        +"title": 71772
      }
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
  +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698257948 {#2462
    date: 2023-10-25 20:19:08.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@LucyLastic@sh.itjust.works"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2460 …}
  +nested: Doctrine\ORM\PersistentCollection {#2452 …}
  +votes: Doctrine\ORM\PersistentCollection {#2454 …}
  +reports: Doctrine\ORM\PersistentCollection {#2459 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
  -id: 71699
  -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4811661"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698257948 {#2458
    date: 2023-10-25 20:19:08.0 +02:00
  }
  +"title": 71699
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2370
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370}
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
  +body: """
    They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
    \n
    Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
    \n
    Good luck though! I’m just glad I’m not the one that has to deal with it.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698260052 {#2371
    date: 2023-10-25 20:54:12.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@jeena@jemmy.jeena.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2360 …}
  +nested: Doctrine\ORM\PersistentCollection {#2361 …}
  +votes: Doctrine\ORM\PersistentCollection {#2372 …}
  +reports: Doctrine\ORM\PersistentCollection {#2386 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
  -id: 71772
  -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4812324"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698260052 {#2363
    date: 2023-10-25 20:54:12.0 +02:00
  }
  +"title": 71772
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2370
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370}
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
  +body: """
    They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
    \n
    Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
    \n
    Good luck though! I’m just glad I’m not the one that has to deal with it.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698260052 {#2371
    date: 2023-10-25 20:54:12.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@jeena@jemmy.jeena.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2360 …}
  +nested: Doctrine\ORM\PersistentCollection {#2361 …}
  +votes: Doctrine\ORM\PersistentCollection {#2372 …}
  +reports: Doctrine\ORM\PersistentCollection {#2386 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
  -id: 71772
  -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4812324"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698260052 {#2363
    date: 2023-10-25 20:54:12.0 +02:00
  }
  +"title": 71772
}
"App\Security\Voter\UserVoter"
App\Entity\EntryComment {#2370
  +user: App\Entity\User {#261 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1571
    +user: Proxies\__CG__\App\Entity\User {#2057 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1995 …}
    +slug: "Tech-workers-what-did-your-IT-Security-team-do-that"
    +title: "Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?"
    +url: null
    +body: """
      One chestnut from my history in lottery game development:\n
      \n
      While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.\n
      \n
      Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 261
    +favouriteCount: 423
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1698669717 {#2362
      date: 2023-10-30 13:41:57.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2352 …}
    +votes: Doctrine\ORM\PersistentCollection {#1350 …}
    +reports: Doctrine\ORM\PersistentCollection {#1351 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1353 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1358 …}
    +badges: Doctrine\ORM\PersistentCollection {#1355 …}
    +children: [
      7 => App\Entity\EntryComment {#1696
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1650 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1679 …}
        +body: """
          Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.\n
          \n
          The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.\n
          \n
          [www.stigviewer.com/stig/…/V-69243](https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 10
        +score: 0
        +lastActive: DateTime @1698120749 {#1428
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Hogger85b@kbin.social"
          "@netburnr@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1668 …}
        +nested: Doctrine\ORM\PersistentCollection {#1666 …}
        +votes: Doctrine\ORM\PersistentCollection {#1669 …}
        +reports: Doctrine\ORM\PersistentCollection {#1677 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1576 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1587 …}
        -id: 68686
        -bodyTs: "'-12':54 '/stig/':82 '/stig/application_security_and_development/2017-01-09/finding/v-69243)':86 '/v-69243':83 '99999':73 'ac':53 'also':28 'ao':66 'appli':20,35 'applic':12 'could':68 'get':19,49 'gpos':34 'heck':63 'let':55 'mil':32 'misunderstood':1 'overlook':50 'polici':76 'privileg':27,42 'regardless':24,40 'set':58,70 'sound':5 'stig':2,9,33 'tend':17,47 'theoret':69 'thing':45 'think':30 'unprivileg':14 'user':15,26 'want':65,79 'whatev':61 'workstat':23,39 'www.stigviewer.com':81,85 'www.stigviewer.com/stig/':80 'www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/v-69243)':84 'year':74"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4767964"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698120749 {#1440
          date: 2023-10-24 06:12:29.0 +02:00
        }
        +"title": 68686
      }
      6 => App\Entity\EntryComment {#1559
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1567 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky “security is dumb lol” employee’s 5 year out-of-date iphone via text message while they’re sleeping, and use the camera from that phone to recon the password.\n
          \n
          They probably wouldn’t want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you’re in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn’t outside of the threat model.\n
          \n
          Most likely that threat model doesn’t apply to you, but perhaps at least put it under the keyboard out of plain sight?
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698191326 {#1580
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1561 …}
        +nested: Doctrine\ORM\PersistentCollection {#1564 …}
        +votes: Doctrine\ORM\PersistentCollection {#1563 …}
        +reports: Doctrine\ORM\PersistentCollection {#1565 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1558 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1557 …}
        -id: 70098
        -bodyTs: "'3.50':71 '5':40 'access':105 'account':78,91 'anoth':7 'appli':132 'bank':77,84 'better':94 'camera':15,57 'cocki':33 'compani':113 'comput':24 'corpor':81,90 'data':82 'date':45 'devic':11,19,117 'differ':18 'doesn':130 'dumb':36 'employe':38 'even':93 'exampl':26 'execut':107 'financi':108 'high':100 'instal':29 'iphon':46 'isn':118 'keyboard':143 'larger':112 'least':138 'less':8 'like':126 'lol':37 'messag':49 'model':124,129 'nope':1 'out-of-d':42 'outsid':120 'password':64 'pay':83,92 'pegasus':30 'perhap':136 'person':10,73,116 'phone':60 'plain':146 'posit':102 'premis':3 'privileg':101 'probabl':66 'put':139 'pwn':6,21 'pwning':114 'ransom':80 're':52,97 'recon':62 'secur':9,34 'sight':147 'silent':28 'sleep':53 'text':48 'threat':123,128 'transact':109 'transfer':87 'use':13,55 'via':47 'want':69 'wire':86 'work':23 'wouldn':67 'year':41"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4788727"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191326 {#1550
          date: 2023-10-25 01:48:46.0 +02:00
        }
        +"title": 70098
      }
      5 => App\Entity\EntryComment {#1613
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1604 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: """
          The guideline is abundantly clear too with little room for interpretation:\n
          \n
          > 5.1.1.1 Memorized Secret Authenticators\n
          \n
          > Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. **Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).** However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.\n
          \n
          [pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1698191874 {#1621
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dditty@lemm.ee"
          "@Natanael@slrpnk.net"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1596 …}
        +nested: Doctrine\ORM\PersistentCollection {#1702 …}
        +votes: Doctrine\ORM\PersistentCollection {#1683 …}
        +reports: Doctrine\ORM\PersistentCollection {#1680 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1686 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1692 …}
        -id: 70111
        -bodyTs: "'/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':67 '5.1.1.1':12 'abund':4 'arbitrarili':47 'authent':15,64 'chang':46,55 'charact':28,34 'clear':5 'composit':21 'compromis':61 'consecut':32 'differ':27 'e.g':23,48 'evid':59 'forc':53 'guidelin':2 'howev':50 'impos':19 'interpret':11 'littl':8 'memor':13,36,42 'mixtur':25 'pages.nist.gov':66 'pages.nist.gov/800-63-3/sp800-63b.html](https://pages.nist.gov/800-63-3/sp800-63b.html)':65 'period':49 'prohibit':31 'repeat':33 'requir':24,41 'room':9 'rule':22 'secret':14,37,43 'shall':52 'type':29 'verifi':16,38,51"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4789077"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698191874 {#1620
          date: 2023-10-25 01:57:54.0 +02:00
        }
        +"title": 70111
      }
      4 => App\Entity\EntryComment {#1616
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1611 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1527 …}
        +body: "I made one comment to you clarifying the other person’s point because you clearly didn’t understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you."
        +lang: "en"
        +isAdult: false
        +favouriteCount: 0
        +score: 0
        +lastActive: DateTime @1698201719 {#1705
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@Cqrd@lemmy.dbzer0.com"
          "@dual_sport_dork@lemmy.world"
          "@SpaceNoodle@lemmy.world"
          "@residentmarchant@lemmy.world"
          "@curve_empty_buzz@discuss.tchncs.de"
          "@Rooty@lemmy.world"
          "@Hobo@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1598 …}
        +nested: Doctrine\ORM\PersistentCollection {#1629 …}
        +votes: Doctrine\ORM\PersistentCollection {#1626 …}
        +reports: Doctrine\ORM\PersistentCollection {#1618 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1597 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1731 …}
        -id: 70270
        -bodyTs: "'clarifi':7 'clear':15 'comment':4 'compani':29 'coupl':26 'didn':16 'fold':30 'made':2 'one':3 'password':37 'person':10,23 'point':12 'post':40 'ransom':34 'say':22 'seen':24 'small':28 'understand':18"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4795410"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698201719 {#1711
          date: 2023-10-25 04:41:59.0 +02:00
        }
        +"title": 70270
      }
      3 => App\Entity\EntryComment {#1721
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1726 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          That’s obvious when a mouse or keyboard doesn’t work. OP, and clealy other people in here, don’t really understand the actual attack vector in play. They aren’t using the USB as data storage, they are using as a cellular connected RAT and/or a tool to deploy a RAT to a workstation.\n
          \n
          I think gluing usbs is dumb in just about any environment (disable them on the BIOS is the right answer), but attackers aren’t using it to drag and drop files and then physically take the usb with them. They are plugging them into a workstation, or just leaving them in the parking lot and letting other people plug them in, leveraging them to get initial access, and then essentially abandoning them.\n
          \n
          For example see stuxnet: [en.m.wikipedia.org/wiki/Stuxnet](https://en.m.wikipedia.org/wiki/Stuxnet)
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 6
        +score: 0
        +lastActive: DateTime @1698243920 {#1723
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1736 …}
        +nested: Doctrine\ORM\PersistentCollection {#1737 …}
        +votes: Doctrine\ORM\PersistentCollection {#1732 …}
        +reports: Doctrine\ORM\PersistentCollection {#1735 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1729 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1719 …}
        -id: 71197
        -bodyTs: "'/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':134 'abandon':126 'access':122 'actual':24 'and/or':46 'answer':75 'aren':30,78 'attack':25,77 'bio':71 'cellular':43 'cleali':14 'connect':44 'data':36 'deploy':50 'disabl':67 'doesn':9 'drag':83 'drop':85 'dumb':61 'en.m.wikipedia.org':133 'en.m.wikipedia.org/wiki/stuxnet](https://en.m.wikipedia.org/wiki/stuxnet)':132 'environ':66 'essenti':125 'exampl':129 'file':86 'get':120 'glu':58 'initi':121 'keyboard':8 'leav':104 'let':111 'leverag':117 'lot':109 'mous':6 'obvious':3 'op':12 'park':108 'peopl':16,113 'physic':89 'play':28 'plug':97,114 'rat':45,52 'realli':21 'right':74 'see':130 'storag':37 'stuxnet':131 'take':90 'think':57 'tool':48 'understand':22 'usb':34,59,92 'use':32,40,80 'vector':26 'work':11 'workstat':55,101"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4806988"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698243920 {#1722
          date: 2023-10-25 16:25:20.0 +02:00
        }
        +"title": 71197
      }
      2 => App\Entity\EntryComment {#1720
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1716 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#1728 …}
        +body: """
          Yep you’re right, but at least that adds another layer of complexity to their attack. A lot of security controls are at least somewhat situational, and most non-draconian companies have a process to put further mitigations around those exceptions either from increased monitoring or adding additional supplemental controls.\n
          \n
          There’s no such thing at perfect security, just better risk mitigation. Slipping in a usb hub between the computer and keyboard while someone isn’t looking is a bit trickier then just plugging in a usb stick. If you disable unused usbs in the bios, instead of trying to do silly stuff like glue them shut, then the attacker has at least been temporarily thwarted if they slot it into a dead port. Aside from the high traffic areas, disabling ALL usb ports in places like datacenters and especially colocated datacenters, can thwart the attack outright as well.\n
          \n
          Really from looking through this thread a lot of people seem to be under the misconception that security that isn’t perfect is pointless. It’s like claiming that locking your doors is pointless because lockpicks exists. The point isn’t to keep a sophisticated attack at bay, but rather to keep script kiddies and drive-by attacks from hitting your network. To defend against sophisticated attacks you really have to go a bit crazy, and even then very small slip ups can be disastrous. Ask Microsoft about their root cert getting leaked via a core dump!\n
          \n
          I fully acknowledge that many people also work for places with dumbass security controls. Gluing usbs is WAYYYY up there on that list in my opinion. It also looks like a lot of people work at places that have really shitty security teams that haven’t quite figured out that controls are situational and require more thought then, “see checkbox, execute checkbox.”
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698252503 {#1714
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@vivadanang@lemm.ee"
          "@SendMePhotos@lemmy.world"
          "@Hobo@lemmy.world"
          "@MrMcGasion@lemmy.world"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1717 …}
        +nested: Doctrine\ORM\PersistentCollection {#1741 …}
        +votes: Doctrine\ORM\PersistentCollection {#1707 …}
        +reports: Doctrine\ORM\PersistentCollection {#2464 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2448 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2447 …}
        -id: 71493
        -bodyTs: "'acknowledg':251 'ad':48 'add':9 'addit':49 'also':255,276 'anoth':10 'area':131 'around':40 'asid':126 'ask':237 'attack':16,111,147,196,209,218 'bay':198 'better':61 'bio':97 'bit':81,225 'cert':242 'checkbox':308,310 'claim':178 'coloc':142 'compani':32 'complex':13 'comput':71 'control':21,51,262,299 'core':247 'crazi':226 'datacent':139,143 'dead':124 'defend':215 'disabl':92,132 'disastr':236 'door':182 'draconian':31 'drive':207 'drive-bi':206 'dumbass':260 'dump':248 'either':43 'especi':141 'even':228 'except':42 'execut':309 'exist':187 'figur':296 'fulli':250 'get':243 'glu':263 'glue':106 'go':223 'haven':293 'high':129 'hit':211 'hub':68 'increas':45 'instead':98 'isn':76,170,190 'keep':193,202 'keyboard':73 'kiddi':204 'layer':11 'leak':244 'least':7,24,114 'like':105,138,177,278 'list':271 'lock':180 'lockpick':186 'look':78,153,277 'lot':18,158,280 'mani':253 'microsoft':238 'misconcept':166 'mitig':39,63 'monitor':46 'network':213 'non':30 'non-draconian':29 'opinion':274 'outright':148 'peopl':160,254,282 'perfect':58,172 'place':137,258,285 'plug':85 'point':189 'pointless':174,184 'port':125,135 'process':35 'put':37 'quit':295 'rather':200 're':3 'realli':151,220,288 'requir':303 'right':4 'risk':62 'root':241 'script':203 'secur':20,59,168,261,290 'see':307 'seem':161 'shitti':289 'shut':108 'silli':103 'situat':26,301 'slip':64,232 'slot':120 'small':231 'someon':75 'somewhat':25 'sophist':195,217 'stick':89 'stuff':104 'supplement':50 'team':291 'temporarili':116 'thing':56 'thought':305 'thread':156 'thwart':117,145 'traffic':130 'tri':100 'trickier':82 'unus':93 'up':233 'usb':67,88,94,134,264 'via':245 'wayyyi':266 'well':150 'work':256,283 'yep':1"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4809846"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698252503 {#1718
          date: 2023-10-25 18:48:23.0 +02:00
        }
        +"title": 71493
      }
      1 => App\Entity\EntryComment {#2461
        +user: App\Entity\User {#261 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1571 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +root: Proxies\__CG__\App\Entity\EntryComment {#2456 …}
        +body: "I’m absolutely shocked that a company had a software whitelist before the widespread adoption of the internet. Ahead of their time in implementing, and fucking up, software whitelisting!"
        +lang: "en"
        +isAdult: false
        +favouriteCount: 1
        +score: 0
        +lastActive: DateTime @1698257948 {#2462
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@Krudler@lemmy.world"
          "@LucyLastic@sh.itjust.works"
        ]
        +children: Doctrine\ORM\PersistentCollection {#2460 …}
        +nested: Doctrine\ORM\PersistentCollection {#2452 …}
        +votes: Doctrine\ORM\PersistentCollection {#2454 …}
        +reports: Doctrine\ORM\PersistentCollection {#2459 …}
        +favourites: Doctrine\ORM\PersistentCollection {#2470 …}
        +notifications: Doctrine\ORM\PersistentCollection {#2467 …}
        -id: 71699
        -bodyTs: "'absolut':3 'adopt':15 'ahead':19 'compani':7 'fuck':26 'implement':24 'internet':18 'm':2 'shock':4 'softwar':10,28 'time':22 'whitelist':11,29 'widespread':14"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://lemmy.world/comment/4811661"
        +editedAt: null
        +createdAt: DateTimeImmutable @1698257948 {#2458
          date: 2023-10-25 20:19:08.0 +02:00
        }
        +"title": 71699
      }
      0 => App\Entity\EntryComment {#2370}
    ]
    -id: 7315
    -titleTs: "'benefit':19 'hell':14 'life':13 'made':11 'practic':18 'secur':7 'team':8 'tech':1 'worker':2"
    -bodyTs: "'also':71 'around':34 'chart':30 'chestnut':2 'connect':65 'data':52 'develop':9 'drive':56,79 'everi':73 'game':8 'general':20 'glu':36 'good':21 'histori':5 'hot':35 'ignor':58 'incred':15 'internet':64 'internet-connect':63 'job':22 'level':24 'lotteri':7 'machin':74 'mitig':51 'oftentim':23 'one':1 'optic':78 'paranoia':26 'pcs':46 'port':43 'premis':49 'rw':77 'secur':12 'shut':37 'staff':13 'theft':53 'thing':70 'thumb':55 'tight':16 'unnecessari':41 'usb':42 'via':54 'vpns':67 'went':33"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1698180461
    +visibility: "visible             "
    +apId: "https://lemmy.world/post/7232834"
    +editedAt: null
    +createdAt: DateTimeImmutable @1698094061 {#2017
      date: 2023-10-23 22:47:41.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1572 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#2377 …}
  +body: """
    They are sort of right but have implemented it terribly. Serving out a static webpage is pretty low on the “things that are exploitable” but it’s still an entry point into the network (unless this is all internal then this gets a bit silly). What you need to do is get IT to set up a proxy and run apt/certbot through that proxy. It defends against some basic reverse shell techniques and gives you better control over the webhosts traffic. Even better would be to put a WAP and a basic load balancer in front of the webhost, AND proxy external communications.\n
    \n
    Blocking updates/security services is dogshit though and usually is done by people that are a bit slow on the uptake. Basically they have completely missed the point of blocking external comms and created a way more massive risk in the process… They either need to politely corrected or shamed mercilessly if that doesn’t work.\n
    \n
    Good luck though! I’m just glad I’m not the one that has to deal with it.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 1
  +score: 0
  +lastActive: DateTime @1698260052 {#2371
    date: 2023-10-25 20:54:12.0 +02:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Krudler@lemmy.world"
    "@jeena@jemmy.jeena.net"
  ]
  +children: Doctrine\ORM\PersistentCollection {#2360 …}
  +nested: Doctrine\ORM\PersistentCollection {#2361 …}
  +votes: Doctrine\ORM\PersistentCollection {#2372 …}
  +reports: Doctrine\ORM\PersistentCollection {#2386 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2385 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2378 …}
  -id: 71772
  -bodyTs: "'apt/certbot':61 'balanc':94 'basic':69,92,124 'better':76,83 'bit':44,119 'block':104,132 'comm':134 'communic':103 'complet':127 'control':77 'correct':150 'creat':136 'deal':174 'defend':66 'doesn':156 'dogshit':108 'done':113 'either':146 'entri':30 'even':82 'exploit':24 'extern':102,133 'front':96 'get':42,52 'give':74 'glad':165 'good':159 'implement':8 'intern':39 'load':93 'low':18 'luck':160 'm':163,167 'massiv':140 'merciless':153 'miss':128 'need':48,147 'network':34 'one':170 'peopl':115 'point':31,130 'polit':149 'pretti':17 'process':144 'proxi':58,64,101 'put':87 'revers':70 'right':5 'risk':141 'run':60 'serv':11 'servic':106 'set':55 'shame':152 'shell':71 'silli':45 'slow':120 'sort':3 'static':14 'still':28 'techniqu':72 'terribl':10 'thing':21 'though':109,161 'traffic':81 'unless':35 'updates/security':105 'uptak':123 'usual':111 'wap':89 'way':138 'webhost':80,99 'webpag':15 'work':158 'would':84"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.world/comment/4812324"
  +editedAt: null
  +createdAt: DateTimeImmutable @1698260052 {#2363
    date: 2023-10-25 20:54:12.0 +02:00
  }
  +"title": 71772
}
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"
null
"App\Security\Voter\UserVoter"

Symfony Profiler

GET https://kbin.spritesserver.nl/u/@Hobo@lemmy.world

Configuration Settings

Theme

Page Width

Security

Token

Firewall

Configuration

Listeners

Authenticators

Access Decision

Access decision log