this post was submitted on 09 May 2025
182 points (97.9% liked)
I understand your desire to be charitable or tempered, but this isn't some random schmuck who made an oopsie and reused a password from a previous database hack.
This idiot has his dumb fingers in vital government systems, and the fact that he didn't clean up his security profile before wreaking havoc says a lot about his ability to do his job safely. Thus, I think it is justified to point out the fact that he's stupid and can't get his security together, and your charitability is wasted on someone like him.
And nothing we know shows that he did that. Sure, he could have, and maybe he is that bad at security. The whole article is based on the supposition that he is reusing passwords. With no proof provided. If there's some evidence, then sure, burn the witch. Otherwise, it's just baseless supposition.
There isn't anything he could have done about past breaches. As I said, my email is still in the HaveIBeenPwned database, not because I didn't clean up anything, but because I can't clean up anything. Once those creds have been published, they stay published forever. The only thing you can do is rotate any affected passwords and move on with life.
And yes, the obvious failures on the DOGE website do speak to poor coding practices. I wouldn't hire the guy to code anything, but I still think the article is just over-the-top muckraking trying to turn breached credentials into a story which really isn't there.
When was the last time you heard about a vibe coder with unfettered access to government systems getting hacked? Probably never, because the government used to try its best to ensure security policy was followed. But Trump and Elon come along, and all of a sudden, secure info is leaked everywhere.
I understand your desire to remain skeptical and demand evidence, I do, but I think you're just throwing your pearls before swine at the end of the day in doing so.