Hacker News new | ask | show | jobs
by iwantagrinder 2366 days ago
All of this shit comes through phishing emails with Office docs containing malicious macros or links. Literally 99% of it. All of these stories should say "Sysadmins ignored best practices of disabling unapproved macros, allowing malware to gain a foothold, dump privileged credentials on the system, and move laterally through the environment with ease"
1 comments
briffle 2366 days ago
Its a university, so more likely "Sysadmins implemented best practices of disabling unapproved macros, but due to an extreme number of complaints from academic staff that all their research would be ruined, had to disable it again."
link
iwantagrinder 2366 days ago
So you allow it for those folks and block it for the rest, there will always be edge cases but you need to reduce risk and attack surface. So hopefully they have those academic staff members on record as accepting the risk.
link
gruez 2366 days ago
>So hopefully they have those academic staff members on record as accepting the risk.

Then what? Use them as the scapegoat when the network does get compromised? Feels like the exact opposite of blameless postmortems.

link