It’s likely an unauthorized access. Ford has a lot of IT security, but it’s the kind of security that is so secure, it becomes insecure (many passwords, very frequent password updates, which lead to people just writing the passwords down).

[–] Ambiwar@hexbear.net 37 points 2 weeks ago (1 children)

Are you saying the incoherent ramblings of my phone notes app could be compromised?

[–] Deadend@hexbear.net 29 points 2 weeks ago (1 children)

I can’t say for sure. Please post screenshots and I’ll let you know.

But it is a real Security issue, where the org has such a strict policy on ALL users to maintain a high level of security hygiene that it’s impossible to keep up with while doing normal work. It’s why there is such a big push for SSO systems/portals. As that way you can have 99% of users be kind of dumb - as long as they use your company portal - they should be good.. and a smaller team focused on the security of that portal and looking for odd login actions per user.

[–] invalidusernamelol@hexbear.net 13 points 2 weeks ago (1 children)

Requiring rotating key/authenticator access for remote work and allowing users to come up with a solid terminal password on local access is pretty good.

That way all local connections can be verified and remote logins have the extra security layer.

That being said, if a priveleged user manages to compromise their local work machine it's all fucked.

[–] Deadend@hexbear.net 2 points 1 week ago (1 children)

That’s where security experts who are checking for things to go bad come in.

Making everyone a security expert + doing their job is some uphill ice skating.

[–] invalidusernamelol@hexbear.net 2 points 1 week ago (1 children)

A good bet it to open a dummy ssh port that no one should ever connect to, then immediately add any ip that tries to connect to it to a blacklist.

At the end of the day every security measure can be bypassed, you just need to be prepared for that inevitability.

[–] Deadend@hexbear.net 2 points 1 week ago

Locks are based on time/difficulty/detectability in the real world. The goal is “can’t to break in without getting caught”

It’s all a balance between risk/security and actually being useful.

[–] Dessa@hexbear.net 17 points 2 weeks ago

I work for a company with that sort of security. It's infuriating and many people miss hours of work because they need IT's help to get back in every time there's a password change.

[–] peeonyou@hexbear.net 7 points 2 weeks ago (1 children)

you worked at ford?

[–] Deadend@hexbear.net 4 points 2 weeks ago (1 children)

No.

[–] peeonyou@hexbear.net 4 points 2 weeks ago

you hacked them then?

[–] Sulvor@hexbear.net 65 points 2 weeks ago

Yeah it’s good to remember that while we might hold some pretty fringe opinions here, the belief that Israel is an illegitimate terrorist state is nowhere near as fringe as it was a year ago.

[–] Imnecomrade@hexbear.net 26 points 2 weeks ago (1 children)

Right wing media outlets are claiming the account was hacked, lol.

[–] bbnh69420@hexbear.net 32 points 2 weeks ago (1 children)

I mean, that’s probably true

[–] Imnecomrade@hexbear.net 20 points 2 weeks ago

I guess if it was unauthorized access, I bet it's still from a disgruntled internal employee or contractor, in which case that level of "hacking" is the equivalent of saying you hacked your mom's facebook account because her account was open on her computer or her password manager let you in.