by petepete 3048 days ago
"After installing malware on the engineers’ computers by luring them to a fake version of the LinkedIn website, GCHQ was able to steal their keys to the secure parts of Belgacom’s networks and begin monitoring the data flowing across them."

FFS.

2 comments

The computers of engineers are great targets for hacking. Dozens of package managers across languages and operating systems, as well as GitHub, provide easy vectors for getting complex code to execute on the computer of the dev. Devs are used to running code from the terminal, and typically have many interesting files in their file systems that could assist with lateral movement or even lead to compromise of the build system (!!).

Despite this, devs are still generally very cavalier about running code from the internet on their machines. Oftentimes they have no choice of security mitigations because their package manager is compromised by flaws in its design.

Why do people let keys lie around on storage? A smartcard is dirt cheap and comes, even including a reader, in all shapes and sizes. There are no excuses.